CVE-2022-35921

Опубликовано: 01 авг. 2022

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

EPSS Низкий

Описание

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue.

Ссылки

https://github.com/FriendsOfFlarum/byobu/commit/23dcf93a30f948d30c678a96681f7fdefeba5171
Patch
Third Party Advisory
https://github.com/FriendsOfFlarum/byobu/security/advisories/GHSA-6gjm-6wj6-4px5
Third Party Advisory
https://github.com/FriendsOfFlarum/byobu/commit/23dcf93a30f948d30c678a96681f7fdefeba5171
Patch
Third Party Advisory
https://github.com/FriendsOfFlarum/byobu/security/advisories/GHSA-6gjm-6wj6-4px5
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:friendsofflarum:byobu:*:*:*:*:*:*:*:*

Версия от 0.32.0 (включая) до 1.1.7 (исключая)

cpe:2.3:a:friendsofflarum:byobu:0.30.0:beta2:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00168

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-269

CWE-863

Связанные уязвимости

GHSA-6gjm-6wj6-4px5

CVSS3: 3.5

github

больше 3 лет назад

Byobu user preference to prevent private discussions being started are not respected

EPSS

Процентиль: 38%

0.00168

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-269

CWE-863