CVE-2021-25991

Опубликовано: 29 дек. 2021

Источник: nvd

CVSS3: 5.7

CVSS3: 7.3

CVSS2: 4.9

EPSS Низкий

Описание

In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.

Ссылки

https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991
Exploit
Third Party Advisory
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:if-me:ifme:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 7.32 (включая)

EPSS

Процентиль: 41%

0.00192

Низкий

5.7 Medium

CVSS3

7.3 High

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-9869-mhm7-vvmm

github

около 4 лет назад

EPSS

Процентиль: 41%

0.00192

Низкий

5.7 Medium

CVSS3

7.3 High

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-Other