What is CVE-2023-22489?

CVE-2023-22489 is a low-severity vulnerability in Flarum Framework, classified under Missing Authorization. CVSS score: 3.5/10. Published 2023-01-13.

How severe is CVE-2023-22489?

Low severity. CVSS v3 base score is 3.5 out of 10.

Auth bypass in Flarum Framework

CVE-2023-22489

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the re…

Vulnerability class: Broken Access Control

EPSS: 0.003 (53.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Flarum Framework — versions >= 1.3.0, < 1.6.3

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

https://github.com/flarum/framework/security/advisories/GHSA-hph3-hv3c-7725 (x_refsource_CONFIRM)
https://github.com/flarum/framework/commit/12f14112a0ecd1484d97330b82beb2a145919015 (x_refsource_MISC)
https://github.com/flarum/framework/releases/tag/v1.6.3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-22489?: CVE-2023-22489 is a low-severity vulnerability in Flarum Framework, classified under Missing Authorization. CVSS score: 3.5/10. Published 2023-01-13.
How severe is CVE-2023-22489?: Low severity. CVSS v3 base score is 3.5 out of 10.