GHSA-2rr8-9c6g-8j5c

Source

https://github.com/advisories/GHSA-2rr8-9c6g-8j5c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rr8-9c6g-8j5c/GHSA-2rr8-9c6g-8j5c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2rr8-9c6g-8j5c

Aliases

CVE-2017-15680

Published

2022-05-24T17:34:59Z

Modified

2023-11-08T03:58:57.207372Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Missing Authorization in Crafter CMS

Details

In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed_at": "2022-06-03T15:51:33Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "nvd_published_at": "2020-11-27T18:15:00Z",
    "github_reviewed": true
}

References

Affected packages

Maven / org.craftercms:crafter-core

Package

Name: org.craftercms:crafter-core; View open source insights on deps.dev
Purl: pkg:maven/org.craftercms/crafter-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.1

Affected versions

3.*

3.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rr8-9c6g-8j5c/GHSA-2rr8-9c6g-8j5c.json"