CVE-2021-43847

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/", "name": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/humhub/humhub/releases/tag/v1.10.3", "name": "https://github.com/humhub/humhub/releases/tag/v1.10.3", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/humhub/humhub/pull/5473", "name": "https://github.com/humhub/humhub/pull/5473", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/humhub/humhub/releases/tag/v1.9.3", "name": "https://github.com/humhub/humhub/releases/tag/v1.9.3", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74", "name": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74", "tags": ["Exploit", "Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-862"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-43847", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2021-12-20T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:humhub:humhub:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.10.3", "versionStartIncluding": "1.10.0"}, {"cpe23Uri": "cpe:2.3:a:humhub:humhub:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.9.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-09T13:27Z"}