CVE-2022-45292
MEDIUM
funkwhale 1.2.8 - Use-After-Free in User Invite Handling
Title source: llm
Description
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.
References (1)
Exploit, Issue Tracking, Vendor Advisory
https://dev.funkwhale.audio/funkwhale/funkwhale/-/issues/1952
Scores
CVSS v3
5.3
EPSS
0.0050
EPSS Percentile
38.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-672
Status
published
Products (1)
funkwhale/funkwhale
1.2.8
Published
Dec 09, 2022
Tracked Since
Feb 18, 2026