Lucene search

[email protected]NVD:CVE-2022-45292

HistoryDec 09, 2022 - 10:15 p.m.

CVE-2022-45292

2022-12-0922:15:10

CWE-672

[email protected]

web.nvd.nist.gov

user invites

expire

reuse

account deletion

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

33.3%

JSON

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.

Affected configurations

Nvd

Node

funkwhalefunkwhaleMatch1.2.8

VendorProductVersionCPE
funkwhalefunkwhale1.2.8cpe:2.3:a:funkwhale:funkwhale:1.2.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
funkwhale	funkwhale	1.2.8	cpe:2.3:a:funkwhale:funkwhale:1.2.8:::::::*

References

dev.funkwhale.audio/funkwhale/funkwhale/-/issues/1952

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

33.3%

JSON

Related for NVD:CVE-2022-45292

prion1 cvelist1 cve1