CVE-2022-24865

Improper access control in humhub

CVSS 6.5 MEDIUMEPSS 1.2%CWE-200

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.5EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 abr 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

humhub · humhub

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33 https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57 https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/