CVE-2022-35921
LOW
fof/byobu 0.3.0-beta.2-1.1.6 - Improper Privilege Management
Title source: llmDescription
fof/byobu is a private discussions extension for the Flarum forum software. Affected versions were found not to respect a user's choice to disable private discussions. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on their forum's users and choose to disable the extension if needed. There are no workarounds for this issue.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/FriendsOfFlarum/byobu/security/advisories/GHSA-6gjm-6wj6-4px5
Patch, Third Party Advisory x_refsource_misc
https://github.com/FriendsOfFlarum/byobu/commit/23dcf93a30f948d30c678a96681f7fdefeba5171
Scores
CVSS v3: 3.5
EPSS: 0.0042
EPSS Percentile: 33.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-269, CWE-863
Status: published
Products (3)
fof/byobu: 0.3.0-beta.2 - 1.1.7 (Packagist)
friendsofflarum/byobu: 0.30.0 beta2
friendsofflarum/byobu: 0.32.0 - 1.1.7
Published: Aug 01, 2022
Tracked Since: Feb 18, 2026