CVE-2022-45292

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

References

Link	Resource
https://dev.funkwhale.audio/funkwhale/funkwhale/-/issues/1952	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:funkwhale:funkwhale:1.2.8:*:*:*:*:*:*:*

Information

Published : 2022-12-09 14:15

Updated : 2022-12-12 16:36

NVD link : CVE-2022-45292

Mitre link : CVE-2022-45292

JSON object : View

CWE

CWE-672

Operation on a Resource after Expiration or Release

Products Affected

funkwhale