exploitDog

CVE-2020-36890

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.

Ссылки

https://devnet.kentico.com/download/hotfixes
Product
https://www.vulncheck.com/advisories/kentico-xperience-administrator-access-control-bypass
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

Версия до 12.0.60 (включая)

EPSS

Процентиль: 16%

0.00052

Низкий

7.2 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-wxvc-763r-j974

CVSS3: 7.2

github

около 2 месяцев назад

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.

EPSS

Процентиль: 16%

0.00052

Низкий

7.2 High

CVSS3

Дефекты

CWE-862