Vulnerability Description
fof/byobu is a private discussions extension for the Flarum forum software. Affected versions were found not to respect users' disablement of private discussions. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on their forum's users and disable the extension if needed. There are no workarounds for this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Friendsofflarum | Byobu | >= 0.32.0, < 1.1.7 |
Related Weaknesses (CWE)
References
- https://github.com/FriendsOfFlarum/byobu/commit/23dcf93a30f948d30c678a96681f7fde (Patch, Third Party Advisory)
- https://github.com/FriendsOfFlarum/byobu/security/advisories/GHSA-6gjm-6wj6-4px5 (Third Party Advisory)
FAQ
What is CVE-2022-35921?
CVE-2022-35921 is a vulnerability with a CVSS score of 3.5 (LOW). fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to versio...
How severe is CVE-2022-35921?
CVE-2022-35921 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35921?
Check the references section above for vendor advisories and patch information. Affected products include: Friendsofflarum Byobu.