PT-2018-12754 · Subrion · Subrion

Rishaldwivedi

Published

2018-08-02

Updated

2019-10-03

CVE-2018-14836

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Subrion version 4.2.1

Description The issue allows user groups without access to the Admin panel to access it, although they cannot perform actions, if the Guests user group has access to the Admin panel. This is due to improper access control.

Recommendations For Subrion version 4.2.1, consider restricting access to the Admin panel for the Guests user group to prevent unauthorized access.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2018-14836

Affected Products

Subrion

PT-2018-12754 · Subrion · Subrion

CVE-2018-14836

Weakness Enumeration

Related Identifiers

Affected Products

References · 4