EUVD-2022-29641

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

HumHub versions allow users to retrieve data during forced password changes, resolved in upgrade.

Reporter	Title	Published	Views	Family All 11
Huntr	Improper access control could make any user export all user of website	13 Apr 202202:55	–	huntr
Circl	CVE-2022-24865	21 Apr 202200:25	–	circl
CNNVD	HumHub 安全漏洞	20 Apr 202200:00	–	cnnvd
CNVD	HumHub has an unspecified vulnerability	21 Apr 202200:00	–	cnvd
CVE	CVE-2022-24865	20 Apr 202220:05	–	cve
Cvelist	CVE-2022-24865 Improper access control in humhub	20 Apr 202220:05	–	cvelist
NVD	CVE-2022-24865	20 Apr 202220:15	–	nvd
OSV	CVE-2022-24865 Improper access control in humhub	20 Apr 202220:05	–	osv
Prion	Design/Logic Flaw	20 Apr 202220:15	–	prion
RedhatCVE	CVE-2022-24865	23 May 202501:09	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "50823da7-2366-3e9f-b6d9-468e3fc3f80d",
        "vendor": {
          "name": "humhub"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "6c3336b2-4a4e-3634-8206-0faecc6f8290",
        "product": {
          "name": "HumHub"
        },
        "product_version": "1.10.0, < 1.10.4"
      },
      {
        "id": "dc622aa9-ad57-3d92-8c30-a7095e42ae7b",
        "product": {
          "name": "HumHub"
        },
        "product_version": "< 1.9.4"
      }
    ]
  }
]

Source	Link
github	www.github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57
github	www.github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33
huntr	www.huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

CVSS 24

EPSS0.00276

SSVC