exploitDog

CVE-2020-26506

Опубликовано: 05 нояб. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.

Ссылки

https://www.marmind.com/en/
Product
https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html
Exploit
Third Party Advisory
https://www.marmind.com/en/
Product
https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:marmind:marmind:4.1.141.0:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00156

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-670

Связанные уязвимости

GHSA-fx3j-f5h6-7x3w

github

больше 3 лет назад

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.

EPSS

Процентиль: 37%

0.00156

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-670