Vulnerabilities > CVE-2019-12743 - Information Exposure Through Discrepancy vulnerability in Humhub Social Network KIT 1.3.13

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

humhub

CWE-203

NVD

Published: 2019-07-29

Updated: 2021-07-21

Summary

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.

Vulnerable Configurations

Part	Description	Count
Application	Humhub Humhub Social Network KIT 1.3.13	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://humhub.org/en/news
https://github.com/chanpu9/CVE/blob/master/2019-12743