CVE-2018-1000141 Information

Description

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any user gaining unauthorized access (read, write and delete) to project discussions.

Vulnerability Type (CWE)

CWE-269

Published

2018-03-23

Last Modified

2019-10-03

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Score

9.1 CRITICAL

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

References

https://github.com/mkucej/i-librarian/issues/124 (Third Party Advisory)
