PT-2019-11461 · Perl Dancer · Dancer::Plugin::Simplecrud

Joshrabinowitz

Publicado

2019-07-17

Atualizado

2020-08-24

CVE-2019-1010084

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Dancer::Plugin::SimpleCRUD versions 1.14 and earlier

Description: The issue is related to Incorrect Access Control, which may lead to unauthorized access to data. This occurs due to incorrect calls to the ensure auth() wrapper, resulting in authentication checks not being applied to all routes.

Recommendations: For Dancer::Plugin::SimpleCRUD versions 1.14 and earlier, consider modifying the code to correctly apply the ensure auth() wrapper to ensure authentication checks are applied to all routes. As a temporary workaround, review and manually enforce authentication checks for all routes until a proper fix is implemented.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2019-1010084

Produtos afetados

Dancer::Plugin::Simplecrud

PT-2019-11461 · Perl Dancer · Dancer::Plugin::Simplecrud

CVE-2019-1010084

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3