← volver
CVE-2021-43847

Authorization Bypass in Space Invite in HumHub

CVSS 6.5 MEDIUMEPSS 1.2%CWE-285
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
20 dic 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
humhub · humhub

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/humhub/humhub/pull/5473https://github.com/humhub/humhub/releases/tag/v1.10.3https://github.com/humhub/humhub/releases/tag/v1.9.3https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/