← voltar
CVE-2021-25991

ifme - Improper Access Control leads to admin deactivation

CVSS 5.7 MEDIUMEPSS 0.8%CWE-284
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Produtos afetados
ifmeorg · ifme

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991