CVE-2017-20028

Published: Jun 9, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Affected (2)

Products: Humhub: Humhub

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Humhub Humhub	Version 0.20.1
Humhub Humhub	Version 1.0.0 beta3

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://seclists.org/fulldisclosure/2017/Mar/48

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://vuldb.com/?id.98925

Source: cna@vuldb.com

Third Party Advisory

http://seclists.org/fulldisclosure/2017/Mar/48

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://vuldb.com/?id.98925

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.