Vulnerability Description
HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Humhub | Humhub | < 1.9.4 |
Related Weaknesses (CWE)
References
- https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33PatchThird Party Advisory
- https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57Third Party Advisory
- https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/ExploitPatchThird Party Advisory
- https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33PatchThird Party Advisory
- https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57Third Party Advisory
- https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/ExploitPatchThird Party Advisory
FAQ
What is CVE-2022-24865?
CVE-2022-24865 is a vulnerability with a CVSS score of 6.5 (MEDIUM). HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved ...
How severe is CVE-2022-24865?
CVE-2022-24865 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24865?
Check the references section above for vendor advisories and patch information. Affected products include: Humhub Humhub.