{"id":"CVE-2022-26847","details":"SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.","modified":"2026-03-14T11:29:55.667691Z","published":"2022-03-10T17:48:02.017Z","references":[{"type":"ADVISORY","url":"https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-security-announce/2022/msg00060.html"},{"type":"FIX","url":"https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26847.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.2.14"}]},{"events":[{"introduced":"4.0.0"},{"fixed":"4.0.5"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}