CVE-2022-24865

Improper access control in humhub

CVSS 6.5 MEDIUMEPSS 1.2%CWE-200

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.5EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 abr 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Productos afectados

humhub · humhub

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33 https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57 https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/