CVE-2022-35921 LOW

CVE-2022-35921: User preference to prevent private discussions not respected in fof/byobu

Vendor Friendsofflarum
Product byobu
Weakness CWE-269
Published August 1, 2022
Last update April 23, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

fof/byobu is a private discussions extension for the Flarum forum software. Affected versions were found not to respect a user's preference to prevent private discussions. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on their forum's users and disable the extension if needed. There are no workarounds for this issue.

Key dates

02 Disclosure timeline

August 1, 2022 CVE published
April 23, 2025 Record updated