Lucene search
Veracode Vulnerability DatabaseVERACODE:38974HistoryJan 24, 2023 - 2:27 a.m.
Authentication Bypass
2023-01-2402:27:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
flarum
authentication bypass
vulnerability
post creation
rest api
malicious replies
software
0.001 Low
EPSS
Percentile
30.1%
flarum is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly check access for post creation when the first post is deleted, allowing an attacker who can view the discussion to create new malicious replies via the REST API, even with reply permission or lock status.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flarum/core | le | v1.6.2 | |
| flarum/framework | le | v1.6.2 | |
| flarum/core | le | v1.6.2 | |
| flarum/framework | le | v1.6.2 |
References
github.com/flarum/flarum-core/commit/e42b57713e4fdc83eddefffc07589ea739ea89f3
github.com/flarum/flarum-core/releases/tag/v1.6.3
github.com/flarum/framework/commit/12dfcc5c7960e8dc1e35e9d0a10d071923b39a76
github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015
github.com/flarum/framework/releases/tag/v1.6.3
github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725
Related
nvd
nvd
CVE-2023-22489
2023-01-13 19:15:12
github
github
cve
cve
CVE-2023-22489
2023-01-13 19:15:12
prion
prion
Improper access control
2023-01-13 19:15:00
cvelist
cvelist
CVE-2023-22489 Flarum is missing authorization in discussion replies
2023-01-13 18:03:46
