Home > Vulnerability Database > CVE-2022-3741

Mend.io Vulnerability Database

CVE-2022-3741

Good to know:

Date: October 28, 2022

Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \n\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise.

Language: Ruby

Severity Score

9.8

Related Resources (4)

Url: https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3741

Url: https://github.com/chatwoot/chatwoot/commit/9525d4f0346a2fdac13a0253f9180d20104a72d3

Url: https://www.mend.io/vulnerability-database/CVE-2022-3741

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Top Fix

Upgrade Version

Upgrade to version v2.9.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3741

Good to know:

Date: October 28, 2022

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?