Home > Vulnerability Database > CVE-2022-35921

Mend.io Vulnerability Database

CVE-2022-35921

Good to know:

Date: August 1, 2022

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue.

Language: PHP

Severity Score

4.3

Related Resources (4)

Url: https://github.com/FriendsOfFlarum/byobu/security/advisories/GHSA-6gjm-6wj6-4px5

Url: https://github.com/FriendsOfFlarum/byobu/commit/23dcf93a30f948d30c678a96681f7fdefeba5171

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35921

Url: https://www.mend.io/vulnerability-database/CVE-2022-35921

Severity Score

4.3

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 1.1.7

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35921

Good to know:

Date: August 1, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?