Lucene search
Veracode Vulnerability DatabaseVERACODE:38938HistoryJan 20, 2023 - 5:36 a.m.
Information Disclosure
2023-01-2005:36:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
information disclosure
vulnerable software
access checks
0.0005 Low
EPSS
Percentile
17.9%
flarum/core is vulnerable to Information Disclosure. The vulnerability exists due to the the sync function in NotificationSyncer.php not checking if the restricted subject can be seen by the receiver, which allows an attacker to bypass access checks and gain access to sensitive posts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flarum/core | le | v1.6.2 | |
| flarum/core | le | v1.6.2 |
References
github.com/advisories/GHSA-8gcg-vwmw-rxj4
github.com/flarum/framework/commit/a131e87911b6c0499c2f0472d985164f5ff0c3c4
github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a
github.com/flarum/framework/releases/tag/v1.6.3
github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4
Related
osv
osv
Flarum notifications can leak restricted content
2023-01-10 22:27:13
github
github
Flarum notifications can leak restricted content
2023-01-10 22:27:13
nvd
nvd
CVE-2023-22488
2023-01-12 20:15:09
cvelist
cvelist
CVE-2023-22488 Missing authorization in Flarum
2023-01-12 19:24:16
prion
prion
Design/Logic Flaw
2023-01-12 20:15:00
cve
cve
CVE-2023-22488
2023-01-12 20:15:09