mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
106 lines
3.7 KiB
JSON
106 lines
3.7 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"ID": "CVE-2021-43847",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Authorization Bypass in Space Invite in HumHub"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "humhub",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": ">= 1.10.0, < 1.10.3"
|
|
},
|
|
{
|
|
"version_value": "< 1.9.3"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "humhub"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-285: Improper Authorization"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74"
|
|
},
|
|
{
|
|
"name": "https://github.com/humhub/humhub/pull/5473",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/humhub/humhub/pull/5473"
|
|
},
|
|
{
|
|
"name": "https://github.com/humhub/humhub/releases/tag/v1.10.3",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/humhub/humhub/releases/tag/v1.10.3"
|
|
},
|
|
{
|
|
"name": "https://github.com/humhub/humhub/releases/tag/v1.9.3",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/humhub/humhub/releases/tag/v1.9.3"
|
|
},
|
|
{
|
|
"name": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/",
|
|
"refsource": "MISC",
|
|
"url": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-f5hc-5wfr-7v74",
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |