CVE-2021-43847

Sažetak

HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.

Reference

https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/
https://github.com/humhub/humhub/releases/tag/v1.10.3
https://github.com/humhub/humhub/pull/5473
https://github.com/humhub/humhub/releases/tag/v1.9.3
https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-08-2022 - 13:27

Objavljeno

20-12-2021 - 22:15