← back
CVE-2021-43847

Authorization Bypass in Space Invite in HumHub

CVSS 6.5 MEDIUMEPSS 1.2%CWE-285
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
humhub · humhub

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/humhub/humhub/pull/5473https://github.com/humhub/humhub/releases/tag/v1.10.3https://github.com/humhub/humhub/releases/tag/v1.9.3https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/