4 matches found
CVE-2023-22488
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...
CVE-2023-22488
creationtimestamp| type| source ---|---|--- 2023-01-12 22:30:43+00:00| seen| https://t.me/cibsecurity/56448...
CVE-2023-22488 Missing authorization in Flarum
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...
CVE-2023-22488
CVE-2023-22488 affects Flarum core notification logic. The vulnerability stems from the notification-sending flow not validating that the notification subject is visible to the recipient, enabling reading of restricted/private content via subscriptions. Impact includes leakage of posts (including...