CVE-2021-25991 Information
Jun 07, 2022
Description
Ifme versions v5.0.0 to v7.32 are vulnerable to improper access control, which makes it possible for admins to ban themselves, leading to the deactivation of their Ifme account and complete loss of admin access to Ifme.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Reference
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.3
Base Severity
HIGH