CVE-2020-26246

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-26246
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26246.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-26246
Related
  • GHSA-7p8p-4253-3mg6
Published
2020-12-03T01:15:10.913Z
Modified
2026-03-13T22:15:07.184157Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.

References

Affected packages

Git / github.com/pimcore/pimcore

Affected ranges

Type
GIT
Repo
https://github.com/pimcore/pimcore
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4256328a6362ffcdcc83b9c95bee17804bd0cc71
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.8.5"
        }
    ]
}

Affected versions

2.*
2.2.0
2.2.1
2.2.2
2.3.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
4.*
4.0.0
4.0.1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
v5.*
v5.0.0
v5.0.0-RC
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0-alpha
v5.1.1
v5.1.2
v5.1.3
v5.2.0
v5.2.3
v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.1.0
v6.1.1
v6.1.2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.4.0
v6.4.1
v6.4.2
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.6.0
v6.6.1
v6.6.10
v6.6.11
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7.0
v6.7.1
v6.7.2
v6.7.3
v6.8.0
v6.8.1
v6.8.2
v6.8.3
v6.8.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26246.json"