CVE Vulnerability

CVE-2022-35921

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/FriendsOfFlarum/byobu/security/advisories/GHSA-6gjm-6wj6-4px5 Third Party Advisory
https://github.com/FriendsOfFlarum/byobu/commit/23dcf93a30f948d30c678a96681f7fdefeba5171 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:friendsofflarum:byobu:0.30.0:beta2:*:*:*:*:*:*
cpe:2.3:a:friendsofflarum:byobu:*:*:*:*:*:*:*:*
Information

Published : 2022-08-01 10:15

Updated : 2022-08-10 04:56

NVD link : CVE-2022-35921

Mitre link : CVE-2022-35921

Products Affected
No products.
CWE
CWE-269