Описание
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL.
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.1 (включая)
cpe:2.3:a:activecollab:activecollab:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00109
Низкий
6 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL.
EPSS
Процентиль: 30%
0.00109
Низкий
6 Medium
CVSS2
Дефекты
CWE-264