CVELIST:CVE-2021-25973 (source: Mend, via www.cve.org)

CVE-2021-25973 Publify - Improper Authorization Leads to Guest Signup Restriction Bypass

Published: 2021-11-02 06:55:09
Weakness: CWE-285 (Improper Authorization)
Tags: publify, improper authorization, access control, front-end restriction bypass, vulnerable versions 9.0.0.pre1 to 9.2.4

CVSS3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

EPSS: 0.001 (percentile 31.3%)

Publify versions 9.0.0.pre1 through 9.2.4 are vulnerable to Improper Access Control (CWE-285). An administrator can disable self-registration, but that restriction is applied only in the front end (the signup UI), not in the server-side handling of the signup request. A client that submits the registration request directly therefore still obtains a "guest" role account even when the administrator has disallowed self-registration. The fix is to enforce the setting in the request handler itself, since hiding or disabling the form on the client offers no protection against a crafted request.
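As an added illustration (not Publify's code and not the project's actual fix), the pattern behind a front-end-only restriction, reduced to plain Ruby: a settings flag is consulted by the code that renders the signup form but not by the action that processes the POST, shown beside the hardened version that checks the same flag server-side. Every name here (Settings, UserStore, VulnerableSignup, HardenedSignup, simulate) is an assumption made for the example, and the "direct POST" is simulated by calling the handler without ever rendering the form.

```ruby
# Illustration of CVE-2021-25973's bug class, not Publify's code.
# All class and method names below are assumptions for this example.

# Constructed stand-in for the blog's settings record.
Settings = Struct.new(:allow_signup)

# Constructed stand-in for the user store.
class UserStore
  attr_reader :users

  def initialize
    @users = []
  end

  def create(login:, role:)
    user = { login: login, role: role }
    @users << user
    user
  end
end

# Vulnerable pattern: only the view consults allow_signup. When signup is
# disabled the form is not rendered, but the action that handles the POST
# never checks the setting, so a crafted request still creates the account.
module VulnerableSignup
  def self.render_form(settings)
    settings.allow_signup ? '<form action="/users" method="post">...</form>' : ''
  end

  def self.create(settings, store, params)
    # No server-side authorization check.
    store.create(login: params[:login], role: 'guest')
    { status: 201 }
  end
end

# Hardened pattern: the action enforces the setting itself. Hiding the form
# remains a usability nicety, not the control.
module HardenedSignup
  def self.render_form(settings)
    settings.allow_signup ? '<form action="/users" method="post">...</form>' : ''
  end

  def self.create(settings, store, params)
    return { status: 403 } unless settings.allow_signup

    store.create(login: params[:login], role: 'guest')
    { status: 201 }
  end
end

# Simulate an attacker sending the signup request directly to a blog where
# self-registration is disabled. The UI looks identical for both handlers
# (no form rendered); only the server-side outcome differs.
def simulate(handler)
  settings = Settings.new(false)
  store = UserStore.new
  form = handler.render_form(settings)
  result = handler.create(settings, store, { login: 'attacker' })
  { form_shown: !form.empty?, status: result[:status], users: store.users.size }
end

if __FILE__ == $PROGRAM_NAME
  p simulate(VulnerableSignup)  # {:form_shown=>false, :status=>201, :users=>1}
  p simulate(HardenedSignup)    # {:form_shown=>false, :status=>403, :users=>0}
end
```

The check to apply when reviewing a real application is the same as in the simulation: ignore the template and exercise the endpoint directly with the setting turned off. If the account is created, the restriction lives only in the front end.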

CNA Affected

[
  {
    "product": "publify_core",
    "vendor": "publify_core",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.0.0.pre1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.2.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

