Описание
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.
EPSS
Процентиль: 7%
0.00027
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 6.5
github
10 дней назад
StudioCMS has Authorization Bypass Through User-Controlled Key
EPSS
Процентиль: 7%
0.00027
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639