CVE-2022-24865
Published Apr 20, 2022
Last updated 3 years ago
Overview
- Description
- HumHub is an Open Source Enterprise Social Network. In affected versions, users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:humhub:humhub:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E960B8AF-6069-4859-A112-BB1058EFA3B6",
            "versionEndExcluding": "1.9.4"
          },
          {
            "criteria": "cpe:2.3:a:humhub:humhub:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6115394-5CE7-4B7D-8AB2-A500C561FBB7",
            "versionEndExcluding": "1.10.4",
            "versionStartIncluding": "1.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]