Search criteria
36 vulnerabilities found for flarum by flarum
FKIE_CVE-2025-27794
Vulnerability from fkie_nvd - Published: 2025-03-12 14:15 - Updated: 2025-04-02 12:33
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren't rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser's security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2171054-A339-41DC-9280-C90AD2727BBC",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren\u0027t rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser\u0027s security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue."
},
{
"lang": "es",
"value": "Flarum es un software de foros de c\u00f3digo abierto. Existe una vulnerabilidad de secuestro de sesi\u00f3n en versiones anteriores a la 1.8.10 cuando un subdominio autorizado controlado por un atacante bajo un dominio principal (p. ej., `subdomain.host.com`) establece cookies con alcance en el dominio principal (`.host.com`). Esto permite el reemplazo de tokens de sesi\u00f3n para aplicaciones alojadas en subdominios hermanos (p. ej., `community.host.com`) si los tokens de sesi\u00f3n no se rotan despu\u00e9s de la autenticaci\u00f3n. Las restricciones clave son que el atacante debe controlar cualquier subdominio bajo el dominio principal (p. ej., `evil.host.com` o `xyhost.com`), y el dominio principal no debe estar en la lista de sufijos p\u00fablicos. Debido a la inexistencia de rotaci\u00f3n de tokens de sesi\u00f3n despu\u00e9s de la autenticaci\u00f3n, te\u00f3ricamente podemos reproducir la vulnerabilidad usando herramientas de desarrollo del navegador, pero debido a las medidas de seguridad del navegador, esto no parece ser explotable como se describe. La versi\u00f3n 1.8.10 contiene un parche para el problema."
}
],
"id": "CVE-2025-27794",
"lastModified": "2025-04-02T12:33:56.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-12T14:15:17.033",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/framework/commit/a05aaea3ee1e0a8b870935183193cd6052f1d402"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.8.10"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-21641
Vulnerability from fkie_nvd - Published: 2024-01-05 21:15 - Updated: 2025-01-17 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Summary
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C4E508-EB5A-43B9-B11C-81977B5BA70D",
"versionEndExcluding": "1.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe."
},
{
"lang": "es",
"value": "Flarum es un software de plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de la versi\u00f3n 1.8.5, la ruta `/logout` de Flarum incluye un par\u00e1metro de redirecci\u00f3n que permite a cualquier tercero redirigir a los usuarios desde un dominio (confiable) de la instalaci\u00f3n de Flarum para redirigir a cualquier enlace. Para los usuarios que han iniciado sesi\u00f3n, se debe confirmar el cierre de sesi\u00f3n. Los invitados son redirigidos inmediatamente. Los spammers podr\u00edan utilizar esto para redirigir a una direcci\u00f3n web utilizando un dominio confiable de una instalaci\u00f3n de Flarum en ejecuci\u00f3n. La vulnerabilidad ha sido reparada y publicada como flarum/core v1.8.5. Como workaround, algunas extensiones que modifican la ruta de cierre de sesi\u00f3n pueden solucionar este problema si su implementaci\u00f3n es segura."
}
],
"id": "CVE-2024-21641",
"lastModified": "2025-01-17T19:15:28.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-05T21:15:43.337",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-40033
Vulnerability from fkie_nvd - Published: 2023-08-16 21:15 - Updated: 2024-11-21 08:18
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2171054-A339-41DC-9280-C90AD2727BBC",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP\u0027s `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability."
}
],
"id": "CVE-2023-40033",
"lastModified": "2024-11-21T08:18:33.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T21:15:09.987",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-27577
Vulnerability from fkie_nvd - Published: 2023-03-10 21:15 - Updated: 2024-11-21 07:53
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87988D96-AAF1-482C-8E83-8D15504CF1E6",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.\n"
}
],
"id": "CVE-2023-27577",
"lastModified": "2024-11-21T07:53:11.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-10T21:15:15.310",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-22489
Vulnerability from fkie_nvd - Published: 2023-01-13 19:15 - Updated: 2024-11-21 07:44
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/flarum/framework/releases/tag/v1.6.3 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/framework/releases/tag/v1.6.3 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725 | Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9F27FD-AE4D-472E-8DF4-1EE22EBE7FCC",
"versionEndExcluding": "1.6.2",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don\u0027t have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn\u0027t be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.\n"
},
{
"lang": "es",
"value": "Flarum es una plataforma de discusi\u00f3n para sitios web. Si la primera publicaci\u00f3n de una discusi\u00f3n se elimina permanentemente pero la discusi\u00f3n permanece visible, cualquier actor que pueda ver la discusi\u00f3n podr\u00e1 crear una nueva respuesta a trav\u00e9s de la API REST, sin importar el permiso de respuesta o el estado de bloqueo. Esto incluye a los usuarios que no tienen un correo electr\u00f3nico validado. Los invitados no pueden crear correctamente una respuesta porque la API fallar\u00e1 con un error 500 cuando se inserte el ID de usuario 0 en la base de datos. Esto sucede porque cuando la primera publicaci\u00f3n de una discusi\u00f3n se elimina permanentemente, el atributo \"first_post_id\" de la discusi\u00f3n se vuelve \"nulo\", lo que hace que se omita el control de acceso para todas las respuestas nuevas. Flarum autom\u00e1ticamente hace invisibles las discusiones sin comentarios, por lo que una condici\u00f3n adicional para esta vulnerabilidad es que la discusi\u00f3n debe tener al menos una respuesta aprobada para que `discussions.comment_count` siga siendo superior a cero despu\u00e9s de la eliminaci\u00f3n de la publicaci\u00f3n. Esto puede abrir la discusi\u00f3n a spam no controlado o simplemente a respuestas no intencionales si los usuarios todav\u00eda ten\u00edan su pesta\u00f1a abierta antes de que se bloqueara la discusi\u00f3n vulnerable y luego publicar una respuesta cuando no deber\u00edan poder hacerlo. En combinaci\u00f3n con la configuraci\u00f3n de notificaci\u00f3n por correo electr\u00f3nico, esto tambi\u00e9n podr\u00eda usarse como una forma de enviar correos electr\u00f3nicos no solicitados. Las versiones entre `v1.3.0` y `v1.6.3` se ven afectadas. La vulnerabilidad ha sido reparada y publicada como flarum/core v1.6.3. Todas las comunidades que ejecutan Flarum deber\u00edan actualizar lo antes posible. No se conocen workarounds."
}
],
"id": "CVE-2023-22489",
"lastModified": "2024-11-21T07:44:54.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-13T19:15:12.037",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.6.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.6.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-22488
Vulnerability from fkie_nvd - Published: 2023-01-12 20:15 - Updated: 2024-11-21 07:44
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCA0BF4-79A3-4528-821A-DF5DB8692C99",
"versionEndExcluding": "1.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3."
},
{
"lang": "es",
"value": "Flarum es un software de foro para construir comunidades. Al utilizar la funci\u00f3n de notificaciones, se puede leer contenido restringido/privado y evitar los controles de acceso que se implementar\u00edan para dicho contenido. El componente de env\u00edo de notificaciones no comprueba que el asunto de la notificaci\u00f3n pueda ser visto por el receptor, y procede a enviar notificaciones a trav\u00e9s de sus diferentes canales. A pesar de esto, las alertas no filtran datos, ya que se enumeran seg\u00fan una verificaci\u00f3n de visibilidad; sin embargo, a\u00fan se env\u00edan correos electr\u00f3nicos. Esto significa que, para las extensiones que restringen el acceso a las publicaciones, cualquier actor puede evitar la restricci\u00f3n suscribi\u00e9ndose a la discusi\u00f3n si la extensi\u00f3n Suscripciones est\u00e1 habilitada. El ataque permite la filtraci\u00f3n de algunas publicaciones en la base de datos del foro, incluidas publicaciones en espera de aprobaci\u00f3n, publicaciones en etiquetas a las que el usuario no tiene acceso si pudiera suscribirse a una discusi\u00f3n antes de que se vuelva privada y publicaciones restringidas por extensiones de terceros. Todas las versiones de Flarum anteriores a la v1.6.3 se ven afectadas. La vulnerabilidad ha sido reparada y publicada como flarum/core v1.6.3. Todas las comunidades que ejecutan Flarum deben actualizar lo antes posible a la versi\u00f3n 1.6.3. Como workaround, desactive la extensi\u00f3n Flarum Subscriptions o desactive las notificaciones por correo electr\u00f3nico por completo. No existen otros workarounds para este problema para las versiones de Flarum inferiores a 1.6.3."
}
],
"id": "CVE-2023-22488",
"lastModified": "2024-11-21T07:44:54.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-12T20:15:09.347",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-22487
Vulnerability from fkie_nvd - Published: 2023-01-11 20:15 - Updated: 2024-11-21 07:44
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/<id>` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it's possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3 | Exploit, Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCA0BF4-79A3-4528-821A-DF5DB8692C99",
"versionEndExcluding": "1.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@\"\u003cusername\u003e\"#p\u003cid\u003e` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/\u003cid\u003e` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it\u0027s possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension."
},
{
"lang": "es",
"value": "Flarum es un software de foro para construir comunidades. Usando la funci\u00f3n de menciones proporcionada por la extensi\u00f3n flarum/mentions, los usuarios pueden mencionar cualquier ID de publicaci\u00f3n en el foro con la sintaxis especial `@\"\"#p`. El siguiente comportamiento nunca cambia, sin importar si el actor deber\u00eda poder leer la publicaci\u00f3n mencionada o no: se inserta una URL a la publicaci\u00f3n mencionada en el HTML de la publicaci\u00f3n del actor, filtrando su ID de discusi\u00f3n y n\u00famero de publicaci\u00f3n. La relaci\u00f3n `mentionsPosts` incluida en las respuestas JSON `POST /api/posts` y `PATCH /api/posts/` filtra el payload JSON:API completa de todas las publicaciones mencionadas sin ning\u00fan control de acceso. Esto incluye el contenido, la fecha, el n\u00famero y los atributos agregados por otras extensiones. Un atacante s\u00f3lo necesita la capacidad de crear nuevas publicaciones en el foro para explotar la vulnerabilidad. Esto funciona incluso si las nuevas publicaciones requieren aprobaci\u00f3n. Si tienen la capacidad de editar publicaciones, el ataque se puede realizar de manera a\u00fan m\u00e1s discreta usando una sola publicaci\u00f3n para escanear cualquier tama\u00f1o de base de datos y ocultando el contenido de la publicaci\u00f3n del ataque luego. El ataque permite la filtraci\u00f3n de todas las publicaciones en la base de datos del foro, incluidas las publicaciones en espera de aprobaci\u00f3n, las publicaciones en etiquetas a las que el usuario no tiene acceso y las discusiones privadas creadas por otras extensiones como FriendsOfFlarum Byobu. Esto tambi\u00e9n incluye publicaciones que no son comentarios, como cambios de etiquetas o cambios de nombre de eventos. El payload de la discusi\u00f3n no se filtra, pero utilizando el payload HTML de menci\u00f3n es posible extraer el ID de la discusi\u00f3n de todas las publicaciones y combinar todas las publicaciones nuevamente en sus discusiones originales, incluso si el t\u00edtulo de la discusi\u00f3n sigue siendo desconocido. Todas las versiones de Flarum anteriores a la 1.6.3 se ven afectadas. La vulnerabilidad ha sido reparada y publicada como flarum/core v1.6.3. Como workaround, el usuario puede desactivar la extensi\u00f3n de menciones."
}
],
"id": "CVE-2023-22487",
"lastModified": "2024-11-21T07:44:54.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T20:15:08.833",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-41938
Vulnerability from fkie_nvd - Published: 2022-11-19 01:15 - Updated: 2024-11-21 07:24
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CB7BB87-17F3-4F63-B744-69CB036BA93E",
"versionEndExcluding": "1.6.2",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is an open source discussion platform. Flarum\u0027s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Flarum es una plataforma de debate de c\u00f3digo abierto. El sistema de t\u00edtulos de p\u00e1ginas de Flarum permit\u00eda que los t\u00edtulos de las p\u00e1ginas se convirtieran en nodos HTML DOM cuando se representaban las p\u00e1ginas. El cambio se realiz\u00f3 despu\u00e9s de la \"v1.5\" y no se not\u00f3. Esto permiti\u00f3 a un atacante inyectar etiquetas HTML maliciosas utilizando una entrada de t\u00edtulo de discusi\u00f3n, ya sea creando una nueva discusi\u00f3n o cambiando el nombre de una. El ataque XSS ocurre despu\u00e9s de que un visitante abre la p\u00e1gina de discusi\u00f3n correspondiente. Todas las comunidades que ejecutan Flarum desde `v1.5.0` hasta `v1.6.1` se ven afectadas. La vulnerabilidad ha sido reparada y publicada como flarum/core `v1.6.2`. Todas las comunidades que ejecutan Flarum desde `v1.5.0` hasta `v1.6.1` deben actualizar lo antes posible a v1.6.2. No se conocen workarounds para este problema."
}
],
"id": "CVE-2022-41938",
"lastModified": "2024-11-21T07:24:06.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-19T01:15:10.383",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.flarum.org/d/27558"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/690de9ce0ffe7ac4d45b73e303f44340c3433138"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-7x4w-j98p-854x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://discuss.flarum.org/d/27558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/commit/690de9ce0ffe7ac4d45b73e303f44340c3433138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-7x4w-j98p-854x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-32671
Vulnerability from fkie_nvd - Published: 2021-06-07 22:15 - Updated: 2024-11-21 06:07
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as <script>alert('test')</script> resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57 | Third Party Advisory | |
| security-advisories@github.com | https://packagist.org/packages/flarum/core | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packagist.org/packages/flarum/core | Product, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3241FCD1-F5B7-4447-8FF9-6C02EEBB846D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48C22B7B-9BD3-4AA4-9DB7-1CE3D837E5C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Flarum\u0027s translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as \u003cscript\u003ealert(\u0027test\u0027)\u003c/script\u003e resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2."
},
{
"lang": "es",
"value": "\"Flarum es un software de foros para construir comunidades. El sistema de traducci\u00f3n de Flarum permit\u00eda que las entradas de cadena se convirtieran en nodos HTML DOM cuando son renderizadas. Este cambio se realiz\u00f3 despu\u00e9s de la versi\u00f3n v0.1.0-beta.16 (nuestra \u00faltima beta versiones anteriores a v1.0.0) y no fue advertido ni documentado. Esto permit\u00eda que cualquier usuario escribiera marcas HTML maliciosas dentro de determinados campos de entrada del usuario y que \u00e9stas se ejecutaran en los navegadores de los clientes. El ejemplo que condujo al descubrimiento de esta vulnerabilidad fue en el cuadro de b\u00fasqueda del foro. La introducci\u00f3n de marcas HTML falsamente maliciosas, como (script)alert(\"\"test\"\")(/script) resultado a la aparici\u00f3n de un cuadro de alerta en el foro. Este ataque tambi\u00e9n pod\u00eda ser modificado para llevar a cabo peticiones AJAX en nombre de un usuario, posiblemente borrando discusiones, modificando su configuraci\u00f3n o perfil, o incluso modificando la configuraci\u00f3n en el panel de administraci\u00f3n si el ataque estaba dirigido a un usuario privilegiado. Todas las comunidades de Flarum que ejecutan flarum versiones v1.0.0 o v1.0.1 est\u00e1n afectadas. La vulnerabilidad ha sido corregida y publicada como flarum/core versi\u00f3n v1.0.2. Todas las comunidades que ejecutan Flarum versi\u00f3n v1.0, tienen que actualizar lo antes posible a la v1.0.2"
}
],
"id": "CVE-2021-32671",
"lastModified": "2024-11-21T06:07:29.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-07T22:15:07.743",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/flarum/core"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://packagist.org/packages/flarum/core"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2019-13183
Vulnerability from fkie_nvd - Published: 2019-07-07 15:15 - Updated: 2024-11-21 04:24
Severity ?
Summary
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/flarum/core/blob/master/CHANGELOG.md | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/core/blob/master/CHANGELOG.md | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D9EF6C49-5066-4252-8356-6109F26CD021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "29211245-B5E7-4D83-BE77-573D8DF19079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5122F0A6-28F6-4DF5-89E2-850C67729C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3D9BAA2E-3888-4B81-BB41-6053CBEE20DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "637415E5-2EE1-4D2C-BB25-56E59827F060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "6CB8737B-762D-4ACA-B172-D36F8A93365A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "36954DAE-127A-4259-8BB6-99B8EF347348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta7.1:*:*:*:*:*:*",
"matchCriteriaId": "5A5962B6-2742-46C8-AB55-15E5E6997045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta7.2:*:*:*:*:*:*",
"matchCriteriaId": "EE5F5C50-C597-4B0A-B048-5F294C1DFE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "C1D53036-CD08-4A0D-9245-88666EBD6A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta8.1:*:*:*:*:*:*",
"matchCriteriaId": "95A09CC4-B2CC-4D1D-8811-9E4BE5169677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flarum:flarum:0.1.0:beta8.2:*:*:*:*:*:*",
"matchCriteriaId": "A3E94458-6C0B-4E45-BB79-22DB43F80493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings."
},
{
"lang": "es",
"value": "Flarum hasta la versi\u00f3n 0.1.0-beta.9 permite CSRF contra todos los puntos finales POST, como se demuestra al cambiar la configuraci\u00f3n de administraci\u00f3n."
}
],
"id": "CVE-2019-13183",
"lastModified": "2024-11-21T04:24:22.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-07T15:15:10.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-27794 (GCVE-0-2025-27794)
Vulnerability from cvelistv5 – Published: 2025-03-12 14:00 – Updated: 2025-03-12 15:29
VLAI?
Title
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Summary
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren't rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser's security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue.
Severity ?
6.8 (Medium)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27794",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:26:50.953268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:29:21.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren\u0027t rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser\u0027s security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:00:21.862Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px"
},
{
"name": "https://github.com/flarum/framework/commit/a05aaea3ee1e0a8b870935183193cd6052f1d402",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/a05aaea3ee1e0a8b870935183193cd6052f1d402"
},
{
"name": "https://github.com/flarum/framework/releases/tag/v1.8.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.8.10"
}
],
"source": {
"advisory": "GHSA-hg9j-64wp-m9px",
"discovery": "UNKNOWN"
},
"title": "Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27794",
"datePublished": "2025-03-12T14:00:21.862Z",
"dateReserved": "2025-03-06T18:06:54.462Z",
"dateUpdated": "2025-03-12T15:29:21.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21641 (GCVE-0-2024-21641)
Vulnerability from cvelistv5 – Published: 2024-01-05 21:02 – Updated: 2025-06-03 14:40
VLAI?
Title
Flarum's Logout Route allows open redirects
Summary
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.
Severity ?
6.5 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr"
},
{
"name": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a"
},
{
"name": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:56:54.587072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:40:49.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T18:15:30.139Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr"
},
{
"name": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a"
},
{
"name": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176"
}
],
"source": {
"advisory": "GHSA-733r-8xcp-w9mr",
"discovery": "UNKNOWN"
},
"title": "Flarum\u0027s Logout Route allows open redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21641",
"datePublished": "2024-01-05T21:02:56.513Z",
"dateReserved": "2023-12-29T03:00:44.957Z",
"dateUpdated": "2025-06-03T14:40:49.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40033 (GCVE-0-2023-40033)
Vulnerability from cvelistv5 – Published: 2023-08-16 20:34 – Updated: 2024-10-02 16:00
VLAI?
Title
Server-Side Request Forgery via Avatar upload in flarum
Summary
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability.
Severity ?
7.1 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg"
},
{
"name": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:56:22.975991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:00:40.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP\u0027s `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T20:34:11.445Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg"
},
{
"name": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570"
}
],
"source": {
"advisory": "GHSA-67c6-q4j4-hccg",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery via Avatar upload in flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40033",
"datePublished": "2023-08-16T20:34:11.445Z",
"dateReserved": "2023-08-08T13:46:25.244Z",
"dateUpdated": "2024-10-02T16:00:40.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27577 (GCVE-0-2023-27577)
Vulnerability from cvelistv5 – Published: 2023-03-10 20:56 – Updated: 2025-02-25 14:58
VLAI?
Title
Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum
Summary
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.
Severity ?
6.6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw"
},
{
"name": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:52.626830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:58:55.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T20:56:58.989Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw"
},
{
"name": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444"
}
],
"source": {
"advisory": "GHSA-vhm8-wwrf-3gcw",
"discovery": "UNKNOWN"
},
"title": "Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27577",
"datePublished": "2023-03-10T20:56:58.989Z",
"dateReserved": "2023-03-04T01:03:53.632Z",
"dateUpdated": "2025-02-25T14:58:55.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22489 (GCVE-0-2023-22489)
Vulnerability from cvelistv5 – Published: 2023-01-13 18:03 – Updated: 2025-03-10 21:30
VLAI?
Title
Flarum is missing authorization in discussion replies
Summary
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725"
},
{
"name": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015"
},
{
"name": "https://github.com/flarum/framework/releases/tag/v1.6.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.6.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:08.407351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:30:11.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don\u0027t have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn\u0027t be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T18:03:46.954Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725"
},
{
"name": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015"
},
{
"name": "https://github.com/flarum/framework/releases/tag/v1.6.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.6.3"
}
],
"source": {
"advisory": "GHSA-hph3-hv3c-7725",
"discovery": "UNKNOWN"
},
"title": "Flarum is missing authorization in discussion replies"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22489",
"datePublished": "2023-01-13T18:03:46.954Z",
"dateReserved": "2022-12-29T17:41:28.089Z",
"dateUpdated": "2025-03-10T21:30:11.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22488 (GCVE-0-2023-22488)
Vulnerability from cvelistv5 – Published: 2023-01-12 19:24 – Updated: 2025-03-10 21:30
VLAI?
Title
Missing authorization in Flarum
Summary
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.
Severity ?
6.8 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4"
},
{
"name": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:10.975796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:30:24.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T19:24:16.494Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4"
},
{
"name": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a"
}
],
"source": {
"advisory": "GHSA-8gcg-vwmw-rxj4",
"discovery": "UNKNOWN"
},
"title": "Missing authorization in Flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22488",
"datePublished": "2023-01-12T19:24:16.494Z",
"dateReserved": "2022-12-29T17:41:28.089Z",
"dateUpdated": "2025-03-10T21:30:24.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22487 (GCVE-0-2023-22487)
Vulnerability from cvelistv5 – Published: 2023-01-11 19:49 – Updated: 2025-03-10 21:30
VLAI?
Title
Post mentions can be used to read any post on the forum without access control
Summary
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/<id>` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it's possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension.
Severity ?
7.7 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3"
},
{
"name": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22487",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:41.331652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:30:35.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@\"\u003cusername\u003e\"#p\u003cid\u003e` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/\u003cid\u003e` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it\u0027s possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T19:49:37.668Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3"
},
{
"name": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985"
}
],
"source": {
"advisory": "GHSA-22m9-m3ww-53h3",
"discovery": "UNKNOWN"
},
"title": "Post mentions can be used to read any post on the forum without access control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22487",
"datePublished": "2023-01-11T19:49:37.668Z",
"dateReserved": "2022-12-29T17:41:28.089Z",
"dateUpdated": "2025-03-10T21:30:35.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41938 (GCVE-0-2022-41938)
Vulnerability from cvelistv5 – Published: 2022-11-19 00:00 – Updated: 2025-04-23 16:36
VLAI?
Title
Cross site scripting vulnerability with discussion titles in flarum
Summary
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-7x4w-j98p-854x"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/690de9ce0ffe7ac4d45b73e303f44340c3433138"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.flarum.org/d/27558"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:46:38.149371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:36:43.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.5.0, \u003c 1.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is an open source discussion platform. Flarum\u0027s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-19T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/flarum/framework/security/advisories/GHSA-7x4w-j98p-854x"
},
{
"url": "https://github.com/flarum/framework/commit/690de9ce0ffe7ac4d45b73e303f44340c3433138"
},
{
"url": "https://discuss.flarum.org/d/27558"
}
],
"source": {
"advisory": "GHSA-7x4w-j98p-854x",
"discovery": "UNKNOWN"
},
"title": "Cross site scripting vulnerability with discussion titles in flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41938",
"datePublished": "2022-11-19T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:36:43.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32671 (GCVE-0-2021-32671)
Vulnerability from cvelistv5 – Published: 2021-06-07 21:25 – Updated: 2024-08-03 23:25
VLAI?
Title
XSS vulnerability with translator
Summary
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as <script>alert('test')</script> resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2.
Severity ?
10 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/flarum/core"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "core",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Flarum\u0027s translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as \u003cscript\u003ealert(\u0027test\u0027)\u003c/script\u003e resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T21:25:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/flarum/core"
}
],
"source": {
"advisory": "GHSA-5qjq-69w6-fg57",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability with translator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32671",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability with translator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "core",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.0.0, \u003c 1.0.2"
}
]
}
}
]
},
"vendor_name": "flarum"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flarum is a forum software for building communities. Flarum\u0027s translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as \u003cscript\u003ealert(\u0027test\u0027)\u003c/script\u003e resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57",
"refsource": "CONFIRM",
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"name": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a",
"refsource": "MISC",
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"name": "https://packagist.org/packages/flarum/core",
"refsource": "MISC",
"url": "https://packagist.org/packages/flarum/core"
}
]
},
"source": {
"advisory": "GHSA-5qjq-69w6-fg57",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32671",
"datePublished": "2021-06-07T21:25:12",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13183 (GCVE-0-2019-13183)
Vulnerability from cvelistv5 – Published: 2019-07-07 14:34 – Updated: 2024-08-04 23:41
VLAI?
Summary
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-07T14:34:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flarum/core/blob/master/CHANGELOG.md",
"refsource": "MISC",
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"name": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released",
"refsource": "CONFIRM",
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"name": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6",
"refsource": "CONFIRM",
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13183",
"datePublished": "2019-07-07T14:34:45",
"dateReserved": "2019-07-02T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27794 (GCVE-0-2025-27794)
Vulnerability from nvd – Published: 2025-03-12 14:00 – Updated: 2025-03-12 15:29
VLAI?
Title
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Summary
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren't rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser's security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue.
Severity ?
6.8 (Medium)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27794",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:26:50.953268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:29:21.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren\u0027t rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser\u0027s security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:00:21.862Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px"
},
{
"name": "https://github.com/flarum/framework/commit/a05aaea3ee1e0a8b870935183193cd6052f1d402",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/a05aaea3ee1e0a8b870935183193cd6052f1d402"
},
{
"name": "https://github.com/flarum/framework/releases/tag/v1.8.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.8.10"
}
],
"source": {
"advisory": "GHSA-hg9j-64wp-m9px",
"discovery": "UNKNOWN"
},
"title": "Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27794",
"datePublished": "2025-03-12T14:00:21.862Z",
"dateReserved": "2025-03-06T18:06:54.462Z",
"dateUpdated": "2025-03-12T15:29:21.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21641 (GCVE-0-2024-21641)
Vulnerability from nvd – Published: 2024-01-05 21:02 – Updated: 2025-06-03 14:40
VLAI?
Title
Flarum's Logout Route allows open redirects
Summary
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.
Severity ?
6.5 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr"
},
{
"name": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a"
},
{
"name": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:56:54.587072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:40:49.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T18:15:30.139Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr"
},
{
"name": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a"
},
{
"name": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176"
}
],
"source": {
"advisory": "GHSA-733r-8xcp-w9mr",
"discovery": "UNKNOWN"
},
"title": "Flarum\u0027s Logout Route allows open redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21641",
"datePublished": "2024-01-05T21:02:56.513Z",
"dateReserved": "2023-12-29T03:00:44.957Z",
"dateUpdated": "2025-06-03T14:40:49.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40033 (GCVE-0-2023-40033)
Vulnerability from nvd – Published: 2023-08-16 20:34 – Updated: 2024-10-02 16:00
VLAI?
Title
Server-Side Request Forgery via Avatar upload in flarum
Summary
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability.
Severity ?
7.1 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg"
},
{
"name": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:56:22.975991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:00:40.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP\u0027s `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T20:34:11.445Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg"
},
{
"name": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570"
}
],
"source": {
"advisory": "GHSA-67c6-q4j4-hccg",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery via Avatar upload in flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40033",
"datePublished": "2023-08-16T20:34:11.445Z",
"dateReserved": "2023-08-08T13:46:25.244Z",
"dateUpdated": "2024-10-02T16:00:40.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27577 (GCVE-0-2023-27577)
Vulnerability from nvd – Published: 2023-03-10 20:56 – Updated: 2025-02-25 14:58
VLAI?
Title
Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum
Summary
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.
Severity ?
6.6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw"
},
{
"name": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:52.626830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:58:55.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T20:56:58.989Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-vhm8-wwrf-3gcw"
},
{
"name": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/1761660c98ea5a3e9665fb8e6041d1f2ee62a444"
}
],
"source": {
"advisory": "GHSA-vhm8-wwrf-3gcw",
"discovery": "UNKNOWN"
},
"title": "Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27577",
"datePublished": "2023-03-10T20:56:58.989Z",
"dateReserved": "2023-03-04T01:03:53.632Z",
"dateUpdated": "2025-02-25T14:58:55.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22489 (GCVE-0-2023-22489)
Vulnerability from nvd – Published: 2023-01-13 18:03 – Updated: 2025-03-10 21:30
VLAI?
Title
Flarum is missing authorization in discussion replies
Summary
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725"
},
{
"name": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015"
},
{
"name": "https://github.com/flarum/framework/releases/tag/v1.6.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.6.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:08.407351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:30:11.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don\u0027t have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn\u0027t be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T18:03:46.954Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725"
},
{
"name": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015"
},
{
"name": "https://github.com/flarum/framework/releases/tag/v1.6.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/releases/tag/v1.6.3"
}
],
"source": {
"advisory": "GHSA-hph3-hv3c-7725",
"discovery": "UNKNOWN"
},
"title": "Flarum is missing authorization in discussion replies"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22489",
"datePublished": "2023-01-13T18:03:46.954Z",
"dateReserved": "2022-12-29T17:41:28.089Z",
"dateUpdated": "2025-03-10T21:30:11.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22488 (GCVE-0-2023-22488)
Vulnerability from nvd – Published: 2023-01-12 19:24 – Updated: 2025-03-10 21:30
VLAI?
Title
Missing authorization in Flarum
Summary
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.
Severity ?
6.8 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4"
},
{
"name": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:10.975796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:30:24.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T19:24:16.494Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-8gcg-vwmw-rxj4"
},
{
"name": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/d0a2b95dca57d3dae9a0d77b610b1cb1d0b1766a"
}
],
"source": {
"advisory": "GHSA-8gcg-vwmw-rxj4",
"discovery": "UNKNOWN"
},
"title": "Missing authorization in Flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22488",
"datePublished": "2023-01-12T19:24:16.494Z",
"dateReserved": "2022-12-29T17:41:28.089Z",
"dateUpdated": "2025-03-10T21:30:24.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22487 (GCVE-0-2023-22487)
Vulnerability from nvd – Published: 2023-01-11 19:49 – Updated: 2025-03-10 21:30
VLAI?
Title
Post mentions can be used to read any post on the forum without access control
Summary
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/<id>` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it's possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension.
Severity ?
7.7 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:48.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3"
},
{
"name": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22487",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:01:41.331652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:30:35.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@\"\u003cusername\u003e\"#p\u003cid\u003e` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/\u003cid\u003e` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it\u0027s possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T19:49:37.668Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-22m9-m3ww-53h3"
},
{
"name": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/framework/commit/ab1c868b978e8b0d09a5d682c54665dae17d0985"
}
],
"source": {
"advisory": "GHSA-22m9-m3ww-53h3",
"discovery": "UNKNOWN"
},
"title": "Post mentions can be used to read any post on the forum without access control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22487",
"datePublished": "2023-01-11T19:49:37.668Z",
"dateReserved": "2022-12-29T17:41:28.089Z",
"dateUpdated": "2025-03-10T21:30:35.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41938 (GCVE-0-2022-41938)
Vulnerability from nvd – Published: 2022-11-19 00:00 – Updated: 2025-04-23 16:36
VLAI?
Title
Cross site scripting vulnerability with discussion titles in flarum
Summary
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/flarum/framework/security/advisories/GHSA-7x4w-j98p-854x"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/flarum/framework/commit/690de9ce0ffe7ac4d45b73e303f44340c3433138"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.flarum.org/d/27558"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:46:38.149371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:36:43.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "framework",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.5.0, \u003c 1.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is an open source discussion platform. Flarum\u0027s page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-19T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/flarum/framework/security/advisories/GHSA-7x4w-j98p-854x"
},
{
"url": "https://github.com/flarum/framework/commit/690de9ce0ffe7ac4d45b73e303f44340c3433138"
},
{
"url": "https://discuss.flarum.org/d/27558"
}
],
"source": {
"advisory": "GHSA-7x4w-j98p-854x",
"discovery": "UNKNOWN"
},
"title": "Cross site scripting vulnerability with discussion titles in flarum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41938",
"datePublished": "2022-11-19T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:36:43.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32671 (GCVE-0-2021-32671)
Vulnerability from nvd – Published: 2021-06-07 21:25 – Updated: 2024-08-03 23:25
VLAI?
Title
XSS vulnerability with translator
Summary
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as <script>alert('test')</script> resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2.
Severity ?
10 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/flarum/core"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "core",
"vendor": "flarum",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum is a forum software for building communities. Flarum\u0027s translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as \u003cscript\u003ealert(\u0027test\u0027)\u003c/script\u003e resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T21:25:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/flarum/core"
}
],
"source": {
"advisory": "GHSA-5qjq-69w6-fg57",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability with translator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32671",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability with translator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "core",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.0.0, \u003c 1.0.2"
}
]
}
}
]
},
"vendor_name": "flarum"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flarum is a forum software for building communities. Flarum\u0027s translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type malicious HTML markup within certain user input fields and have this execute on client browsers. The example which led to the discovery of this vulnerability was in the forum search box. Entering faux-malicious HTML markup, such as \u003cscript\u003ealert(\u0027test\u0027)\u003c/script\u003e resulted in an alert box appearing on the forum. This attack could also be modified to perform AJAX requests on behalf of a user, possibly deleting discussions, modifying their settings or profile, or even modifying settings on the Admin panel if the attack was targetted towards a privileged user. All Flarum communities that run flarum v1.0.0 or v1.0.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.0.2. All communities running Flarum v1.0 have to upgrade as soon as possible to v1.0.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57",
"refsource": "CONFIRM",
"url": "https://github.com/flarum/core/security/advisories/GHSA-5qjq-69w6-fg57"
},
{
"name": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a",
"refsource": "MISC",
"url": "https://github.com/flarum/core/commit/440bed81b8019dff00642c8f493b4909d505a28a"
},
{
"name": "https://packagist.org/packages/flarum/core",
"refsource": "MISC",
"url": "https://packagist.org/packages/flarum/core"
}
]
},
"source": {
"advisory": "GHSA-5qjq-69w6-fg57",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32671",
"datePublished": "2021-06-07T21:25:12",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13183 (GCVE-0-2019-13183)
Vulnerability from nvd – Published: 2019-07-07 14:34 – Updated: 2024-08-04 23:41
VLAI?
Summary
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-07T14:34:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flarum/core/blob/master/CHANGELOG.md",
"refsource": "MISC",
"url": "https://github.com/flarum/core/blob/master/CHANGELOG.md"
},
{
"name": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released",
"refsource": "CONFIRM",
"url": "https://discuss.flarum.org/d/20606-flarum-0-1-0-beta-9-released"
},
{
"name": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6",
"refsource": "CONFIRM",
"url": "https://github.com/flarum/core/security/advisories/GHSA-3wjh-93gr-chh6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13183",
"datePublished": "2019-07-07T14:34:45",
"dateReserved": "2019-07-02T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}