CVE-2022-0226

MEDIUM4.3EPSS 0.12%

Cross-Site Request Forgery (CSRF) in livehelperchat

Published: 1/26/2022Modified: 12/6/2023

Also known as:GHSA-6jmh-9gqm-5xrxBIT-livehelperchat-2022-0226

Description

A CSRF issue is found in the audit configuration under settings. It was found that no CSRF token validation is getting done on the server-side. If we remove the CSRF token and keep the CSRF token field empty, the action is getting performed.

Affected packages (2)

Bitnami/livehelperchatfrom 0, < 2.0.0
Packagist/remdex/livehelperchatfrom 0, < 3.92

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0226
PATCHhttps://github.com/livehelperchat/livehelperchat
WEBhttps://github.com/livehelperchat/livehelperchat/commit/f59ffb02984c0ce2fbb19ac39365066507de9370
WEBhttps://huntr.dev/bounties/635d0abf-7680-47f6-a277-d9a91471c73f