Vulnerabilities > CVE-2021-43847 - Missing Authorization vulnerability in Humhub

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
humhub
CWE-862

Summary

HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.

Vulnerable Configurations

Part Description Count
Application
Humhub
126

Common Weakness Enumeration (CWE)