Описание
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.
Уязвимые конфигурации
Конфигурация 1Версия от 23.11 (включая) до 23.11.13168.7 (исключая)
Одно из
cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*
cpe:2.3:a:m-files:m-files_server:23.9:*:*:*:*:*:*:*
cpe:2.3:a:m-files:m-files_server:23.10:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.0005
Низкий
5.4 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-281
CWE-281
Связанные уязвимости
CVSS3: 5.4
github
около 2 лет назад
Improperly calculated effective permissions in M-Files Server versions 23.9 and 23.10 and 23.11 before 23.11.13168.7 could produce a faulty result if an object used a specific configuration of metadata-driven permissions.
EPSS
Процентиль: 16%
0.0005
Низкий
5.4 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-281
CWE-281