CVE-2021-43847

medium

Description

HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.

References

https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/

https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74

https://github.com/humhub/humhub/releases/tag/v1.9.3

https://github.com/humhub/humhub/releases/tag/v1.10.3

https://github.com/humhub/humhub/pull/5473

Details

Source: Mitre, NVD

Published: 2021-12-20

Updated: 2022-08-09

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium