cvedb.io
CVE-2022-23055
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2022-06-22T09:15:08.007 · Last modified 2026-06-17T04:29:25.790

Summary

ERPNext versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization in the chat rooms functionality. A low-privileged attacker can send a direct message or a group message to any member or group while impersonating the administrator. The attacker can also read the chat messages of other users and of groups that they do not belong to.

Affected products

frappe — erpnext

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.