CVE-2021-25973
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-25973
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25973.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-25973
- Aliases
- Published
- 2021-11-02T07:15:07.053Z
- Modified
- 2025-11-20T11:36:52.832972Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
- References
Affected packages
Git / github.com/publify/publify
Affected ranges
- Type
- GIT
- Repo
- https://github.com/publify/publify
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
5_3_0
release_5_1_98
release_5_2_0
release_5_2_98
release_5_4_0
release_5_4_1
release_5_4_2
release_5_4_3
release_5_4_4
release_5_5
release_6_0_0
release_6_0_1
release_6_0_2
release_6_0_3
release_6_0_4
release_6_0_6
release_6_0_7
release_6_0_8
release_6_0_9
release_6_1_0
release_6_1_1
release_6_1_2
release_6_1_3
release_6_1_4
release_7_0_0-beta1
6.*
6.9.0
7.*
7.0.0
7.1.0
release-1.*
release-1.6.7
release-5.*
release-5.0.3
release-5.0.3-no-rly
release-5.0.3.98
release-5.1
release-5.1.1
release-5.1.2
release-5.1.3
v8.*
v8.0
v8.0.1
v8.0.2
v8.1.0
v8.1.1
v8.2.0
v8.3.0
v8.3.1
v8.3.2
v8.3.3
v9.*
v9.0.0
v9.0.1
v9.1.0
v9.2.0
v9.2.1
v9.2.2
v9.2.3
v9.2.4