CVE-2022-45292

MEDIUM

Funkwhale v1.2.8 - Info Disclosure

Title source: llm

Description

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.

References (1)

Scores

CVSS v3 5.3
EPSS 0.0032
EPSS Percentile 54.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-672
Status published

Affected Products (1)

funkwhale/funkwhale

Timeline

Published Dec 09, 2022
Tracked Since Feb 18, 2026