Search criteria
11 vulnerabilities found for Pixelfed by Pixelfed
CVE-2025-30741 (GCVE-0-2025-30741)
Vulnerability from cvelistv5 – Published: 2025-03-25 00:00 – Updated: 2025-03-26 14:44
VLAI?
Summary
Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T14:43:56.787673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:44:04.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pixelfed",
"vendor": "Pixelfed",
"versions": [
{
"lessThan": "0.12.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pixelfed:pixelfed:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T20:57:41.881Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://fokus.cool/2025/03/25/pixelfed-vulnerability.html"
},
{
"url": "https://github.com/pixelfed/pixelfed/releases/tag/v0.12.5"
},
{
"url": "https://mastodon.social/@pixelfed/114215925957179498"
},
{
"url": "https://news.ycombinator.com/item?id=43474425"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30741",
"datePublished": "2025-03-25T00:00:00.000Z",
"dateReserved": "2025-03-25T00:00:00.000Z",
"dateUpdated": "2025-03-26T14:44:04.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25108 (GCVE-0-2024-25108)
Vulnerability from cvelistv5 – Published: 2024-02-12 20:05 – Updated: 2025-05-07 21:03
VLAI?
Title
Insufficient authorization allowing elevated access to resources in pixelfed
Summary
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
9.9 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf"
},
{
"name": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25108",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T19:34:39.742590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T21:03:35.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pixelfed",
"vendor": "pixelfed",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.10.4, \u003c 0.11.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers\u0027 ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T20:05:23.549Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf"
},
{
"name": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037"
}
],
"source": {
"advisory": "GHSA-gccq-h3xj-jgvf",
"discovery": "UNKNOWN"
},
"title": "Insufficient authorization allowing elevated access to resources in pixelfed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25108",
"datePublished": "2024-02-12T20:05:23.549Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2025-05-07T21:03:35.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0914 (GCVE-0-2023-0914)
Vulnerability from cvelistv5 – Published: 2023-02-19 00:00 – Updated: 2024-08-02 05:24
VLAI?
Title
Improper Authorization in pixelfed/pixelfed
Summary
Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.
Severity ?
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pixelfed | pixelfed/pixelfed |
Affected:
unspecified , < 0.11.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/54d5fd76-e038-4eda-9e03-d5e95e09c0ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/commit/ef56f92c3d77e9bafaa70c08b7c04d5a61b8d454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pixelfed/pixelfed",
"vendor": "pixelfed",
"versions": [
{
"lessThan": "0.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-19T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/54d5fd76-e038-4eda-9e03-d5e95e09c0ec"
},
{
"url": "https://github.com/pixelfed/pixelfed/commit/ef56f92c3d77e9bafaa70c08b7c04d5a61b8d454"
}
],
"source": {
"advisory": "54d5fd76-e038-4eda-9e03-d5e95e09c0ec",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in pixelfed/pixelfed"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0914",
"datePublished": "2023-02-19T00:00:00",
"dateReserved": "2023-02-19T00:00:00",
"dateUpdated": "2024-08-02T05:24:34.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0901 (GCVE-0-2023-0901)
Vulnerability from cvelistv5 – Published: 2023-02-18 00:00 – Updated: 2025-03-12 19:57
VLAI?
Title
Exposure of Sensitive Information to an Unauthorized Actor in pixelfed/pixelfed
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pixelfed | pixelfed/pixelfed |
Affected:
unspecified , < 0.11.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/commit/5b5f5bc38ca9ba39d0b7dacc3813fb899f71ba57"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0901",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T19:57:54.266208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T19:57:59.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pixelfed/pixelfed",
"vendor": "pixelfed",
"versions": [
{
"lessThan": "0.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-18T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010"
},
{
"url": "https://github.com/pixelfed/pixelfed/commit/5b5f5bc38ca9ba39d0b7dacc3813fb899f71ba57"
}
],
"source": {
"advisory": "0327b1b2-6e7c-4154-a307-15f236571010",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in pixelfed/pixelfed"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0901",
"datePublished": "2023-02-18T00:00:00.000Z",
"dateReserved": "2023-02-18T00:00:00.000Z",
"dateUpdated": "2025-03-12T19:57:59.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30741 (GCVE-0-2025-30741)
Vulnerability from nvd – Published: 2025-03-25 00:00 – Updated: 2025-03-26 14:44
VLAI?
Summary
Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T14:43:56.787673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:44:04.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pixelfed",
"vendor": "Pixelfed",
"versions": [
{
"lessThan": "0.12.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pixelfed:pixelfed:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T20:57:41.881Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://fokus.cool/2025/03/25/pixelfed-vulnerability.html"
},
{
"url": "https://github.com/pixelfed/pixelfed/releases/tag/v0.12.5"
},
{
"url": "https://mastodon.social/@pixelfed/114215925957179498"
},
{
"url": "https://news.ycombinator.com/item?id=43474425"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30741",
"datePublished": "2025-03-25T00:00:00.000Z",
"dateReserved": "2025-03-25T00:00:00.000Z",
"dateUpdated": "2025-03-26T14:44:04.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25108 (GCVE-0-2024-25108)
Vulnerability from nvd – Published: 2024-02-12 20:05 – Updated: 2025-05-07 21:03
VLAI?
Title
Insufficient authorization allowing elevated access to resources in pixelfed
Summary
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
9.9 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf"
},
{
"name": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25108",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T19:34:39.742590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T21:03:35.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pixelfed",
"vendor": "pixelfed",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.10.4, \u003c 0.11.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers\u0027 ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T20:05:23.549Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf"
},
{
"name": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037"
}
],
"source": {
"advisory": "GHSA-gccq-h3xj-jgvf",
"discovery": "UNKNOWN"
},
"title": "Insufficient authorization allowing elevated access to resources in pixelfed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25108",
"datePublished": "2024-02-12T20:05:23.549Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2025-05-07T21:03:35.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0914 (GCVE-0-2023-0914)
Vulnerability from nvd – Published: 2023-02-19 00:00 – Updated: 2024-08-02 05:24
VLAI?
Title
Improper Authorization in pixelfed/pixelfed
Summary
Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.
Severity ?
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pixelfed | pixelfed/pixelfed |
Affected:
unspecified , < 0.11.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/54d5fd76-e038-4eda-9e03-d5e95e09c0ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/commit/ef56f92c3d77e9bafaa70c08b7c04d5a61b8d454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pixelfed/pixelfed",
"vendor": "pixelfed",
"versions": [
{
"lessThan": "0.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-19T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/54d5fd76-e038-4eda-9e03-d5e95e09c0ec"
},
{
"url": "https://github.com/pixelfed/pixelfed/commit/ef56f92c3d77e9bafaa70c08b7c04d5a61b8d454"
}
],
"source": {
"advisory": "54d5fd76-e038-4eda-9e03-d5e95e09c0ec",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in pixelfed/pixelfed"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0914",
"datePublished": "2023-02-19T00:00:00",
"dateReserved": "2023-02-19T00:00:00",
"dateUpdated": "2024-08-02T05:24:34.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0901 (GCVE-0-2023-0901)
Vulnerability from nvd – Published: 2023-02-18 00:00 – Updated: 2025-03-12 19:57
VLAI?
Title
Exposure of Sensitive Information to an Unauthorized Actor in pixelfed/pixelfed
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pixelfed | pixelfed/pixelfed |
Affected:
unspecified , < 0.11.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pixelfed/pixelfed/commit/5b5f5bc38ca9ba39d0b7dacc3813fb899f71ba57"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0901",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T19:57:54.266208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T19:57:59.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pixelfed/pixelfed",
"vendor": "pixelfed",
"versions": [
{
"lessThan": "0.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-18T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010"
},
{
"url": "https://github.com/pixelfed/pixelfed/commit/5b5f5bc38ca9ba39d0b7dacc3813fb899f71ba57"
}
],
"source": {
"advisory": "0327b1b2-6e7c-4154-a307-15f236571010",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in pixelfed/pixelfed"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0901",
"datePublished": "2023-02-18T00:00:00.000Z",
"dateReserved": "2023-02-18T00:00:00.000Z",
"dateUpdated": "2025-03-12T19:57:59.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-25108
Vulnerability from fkie_nvd - Published: 2024-02-12 20:15 - Updated: 2024-11-21 09:00
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pixelfed:pixelfed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC53226-FCCF-443B-8300-3450616781B2",
"versionEndExcluding": "0.11.11",
"versionStartIncluding": "0.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers\u0027 ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Pixelfed es una plataforma para compartir fotograf\u00edas de c\u00f3digo abierto. Al procesar las solicitudes, la autorizaci\u00f3n se verific\u00f3 de manera inadecuada e insuficiente, lo que permiti\u00f3 a los atacantes acceder a muchas m\u00e1s funciones de las que los usuarios pretend\u00edan, incluidas las funciones administrativas y de moderador del servidor Pixelfed. Esta vulnerabilidad afecta a todas las versiones de Pixelfed entre la v0.10.4 y la v0.11.9, inclusive. Existe una prueba de concepto de esta vulnerabilidad. Esta vulnerabilidad afecta a todos los usuarios locales de un servidor Pixelfed y puede afectar potencialmente la capacidad de los servidores para federarse. Se requiere cierta interacci\u00f3n del usuario para configurar las condiciones para poder ejercer la vulnerabilidad, pero el atacante podr\u00eda realizar este ataque de manera retardada, donde no se requiere activamente la interacci\u00f3n del usuario. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 0.11.11. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-25108",
"lastModified": "2024-11-21T09:00:16.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-12T20:15:08.590",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-280"
},
{
"lang": "en",
"value": "CWE-285"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-0914
Vulnerability from fkie_nvd - Published: 2023-02-19 01:15 - Updated: 2024-11-21 07:38
Severity ?
Summary
Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pixelfed:pixelfed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71573784-3C90-4131-B37F-1D88D97BFA31",
"versionEndExcluding": "0.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4."
}
],
"id": "CVE-2023-0914",
"lastModified": "2024-11-21T07:38:05.390",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-19T01:15:16.927",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/pixelfed/pixelfed/commit/ef56f92c3d77e9bafaa70c08b7c04d5a61b8d454"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/54d5fd76-e038-4eda-9e03-d5e95e09c0ec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pixelfed/pixelfed/commit/ef56f92c3d77e9bafaa70c08b7c04d5a61b8d454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/54d5fd76-e038-4eda-9e03-d5e95e09c0ec"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-0901
Vulnerability from fkie_nvd - Published: 2023-02-18 01:15 - Updated: 2024-11-21 07:38
Severity ?
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pixelfed:pixelfed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71573784-3C90-4131-B37F-1D88D97BFA31",
"versionEndExcluding": "0.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4."
}
],
"id": "CVE-2023-0901",
"lastModified": "2024-11-21T07:38:03.710",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-18T01:15:10.973",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/pixelfed/pixelfed/commit/5b5f5bc38ca9ba39d0b7dacc3813fb899f71ba57"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/pixelfed/pixelfed/commit/5b5f5bc38ca9ba39d0b7dacc3813fb899f71ba57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/0327b1b2-6e7c-4154-a307-15f236571010"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}