CVE-2022-45292

MEDIUM

Funkwhale v1.2.8 - Info Disclosure

Title source: llm
STIX 2.1

Description

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.

References (1)

Scores

CVSS v3 5.3
EPSS 0.0032
EPSS Percentile 54.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-672
Status published
Products (1)
funkwhale/funkwhale 1.2.8
Published Dec 09, 2022
Tracked Since Feb 18, 2026