Persistent Invitation Vulnerability in Funkwhale v1.2.8

Persistent Invitation Vulnerability in Funkwhale v1.2.8

CVE-2022-45292 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.

Learn more about our Web Application Penetration Testing UK.