GHSA-6gjf-7w99-j7x7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6gjf-7w99-j7x7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-6gjf-7w99-j7x7/GHSA-6gjf-7w99-j7x7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6gjf-7w99-j7x7
- Aliases
- Published
- 2021-10-06T17:46:40Z
- Modified
- 2023-11-08T04:06:52.101760Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Deleted Admin Can Sign In to Admin Interface
- Details
-
Impact
Assuming an administrator once had previous access to the admin interface, they may still be able to sign in to the backend using October CMS v2.0.
Patches
The issue has been patched in v2.1.12
Workarounds
Reset the password of the deleted accounts to prevent them from signing in.
Please contact hello@octobercms.com for code change instructions if you are unable to upgrade.
References
Credits to: • Daniel Bidala
For more information
If you have any questions or comments about this advisory: * Email us at hello@octobercms.com
- Database specific
{ "nvd_published_at": "2021-10-06T18:15:00Z", "github_reviewed_at": "2021-10-06T17:27:51Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-287" ] }- References
Affected packages
Packagist / october/october
Package
- Name
- october/october
- Purl
- pkg:composer/october/october
Packagist / october/system
Package
- Name
- october/system
- Purl
- pkg:composer/october/system