Lucene search
Veracode Vulnerability DatabaseVERACODE:35565HistoryMay 17, 2022 - 6:34 a.m.
Improper Access Control
2022-05-1706:34:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
publify_core
vulnerability
improper access control
notify_user_via_email
comment field
unauthorized actions
EPSS
0.001
Percentile
30.0%
publify_core is vulnerable to improper access control. The vulnerability exists in notify_user_via_email function in article.rb due to lack of validations in comment field which allows an attacker to view data and perform unauthorized actions
References
github.com/advisories/GHSA-79m3-q3wh-c3qm
github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739
github.com/publify/publify/pull/1048
huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f
huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f/
huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f/
Related
cvelist
cvelist
CVE-2022-0574 Improper Access Control in publify/publify
2022-05-16 14:31:39
nvd
nvd
CVE-2022-0574
2022-05-16 15:15:08
github
github
Publify Incorrect Authorization
2022-05-17 00:01:25
huntr
huntr
Improper Access Control in publify/publify
2022-02-10 16:27:20
osv
osv
Publify Incorrect Authorization
2022-05-17 00:01:25
BIT-publify-2022-0574
2024-03-06 11:04:02
CVE-2022-0574
2022-05-16 15:15:08
cve
cve
CVE-2022-0574
2022-05-16 15:15:08
rubygems
rubygems
Incorrect Authorization in publify
2022-05-16 21:00:00
cnvd
cnvd
Publify Access Control Error Vulnerability
2022-05-18 00:00:00
prion
prion
Improper access control
2022-05-16 15:15:00