CVE-2022-35921

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue.

Related Vulnerabilities

CVE-2015-9390

MEDIUM
CVSS:4.3(Medium)

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

CWE-2692015

CVE-2017-10857

MEDIUM
CVSS:4.3(Medium)

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

CWE-2692017

CVE-2017-1326

MEDIUM
CVSS:4.3(Medium)

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the ...

CWE-2692017

CVE-2017-15014

MEDIUM
CVSS:4.3(Medium)

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardle...

CWE-2692017

CVE-2017-2094

MEDIUM
CVSS:4.3(Medium)

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

CWE-2692017

CVE-2017-6954

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permi...

CWE-2692017