trudesk_project CVE Vulnerabilities & Metrics

Focus on trudesk_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About trudesk_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with trudesk_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total trudesk_project CVEs: 20
Earliest CVE date: 10 Apr 2022, 16:15 UTC
Latest CVE date: 24 Jun 2024, 19:15 UTC

Latest CVE reference: CVE-2021-45785

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 4.21

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range      Count
0.0-3.9    6
4.0-6.9    11
7.0-8.9    3
9.0-10.0   0

Top 5 Highest CVSS trudesk_project CVEs

These are the five CVEs with the highest CVSS scores for trudesk_project, sorted first by severity, then by recency.

All CVEs for trudesk_project

CVE-2021-45785 trudesk_project vulnerability CVSS: 0 24 Jun 2024, 19:15 UTC

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS. The attacker must craft a webpage that performs a GET request to the /api/v1/admin/restart endpoint; when a victim with sufficient privileges visits the page, the server restart begins. The attacker must know the full URL that TruDesk is on in order to craft the webpage.

CVE-2023-26982 trudesk_project vulnerability CVSS: 0 29 Mar 2023, 15:15 UTC

Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.

CVE-2022-1719 trudesk_project vulnerability CVSS: 0 29 Sep 2022, 03:15 UTC

Reflected XSS in the ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability allows malicious JavaScript code to be executed in the web page.

CVE-2022-1718 trudesk_project vulnerability CVSS: 0 29 Sep 2022, 03:15 UTC

The trudesk application allows a large number of characters to be inserted in the "Full Name" input field of the signup form, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-2128 trudesk_project vulnerability CVSS: 7.5 20 Jun 2022, 17:15 UTC

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.

CVE-2022-2023 trudesk_project vulnerability CVSS: 7.5 20 Jun 2022, 04:15 UTC

Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.

CVE-2022-1947 trudesk_project vulnerability CVSS: 4.0 31 May 2022, 23:15 UTC

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.

CVE-2022-1893 trudesk_project vulnerability CVSS: 5.0 31 May 2022, 22:15 UTC

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.

CVE-2022-1808 trudesk_project vulnerability CVSS: 6.5 31 May 2022, 22:15 UTC

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.

CVE-2022-1926 trudesk_project vulnerability CVSS: 4.0 31 May 2022, 09:15 UTC

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.

CVE-2022-1931 trudesk_project vulnerability CVSS: 5.5 31 May 2022, 02:15 UTC

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.

CVE-2022-1752 trudesk_project vulnerability CVSS: 6.0 21 May 2022, 03:15 UTC

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-1775 trudesk_project vulnerability CVSS: 7.5 20 May 2022, 23:15 UTC

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-1803 trudesk_project vulnerability CVSS: 4.9 20 May 2022, 22:16 UTC

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-1770 trudesk_project vulnerability CVSS: 6.5 20 May 2022, 18:15 UTC

Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-1754 trudesk_project vulnerability CVSS: 4.0 20 May 2022, 07:15 UTC

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2.

CVE-2022-1728 trudesk_project vulnerability CVSS: 4.0 16 May 2022, 15:15 UTC

Allowing long passwords leads to denial of service in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by carrying out a DDoS attack, after which genuine users will not be able to access resources/applications.

CVE-2022-1044 trudesk_project vulnerability CVSS: 4.3 12 May 2022, 08:15 UTC

Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.

CVE-2022-1045 trudesk_project vulnerability CVSS: 3.5 11 Apr 2022, 07:15 UTC

Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

CVE-2022-1290 trudesk_project vulnerability CVSS: 3.5 10 Apr 2022, 16:15 UTC

Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.