PT-2019-11461 · Perl Dancer · Dancer::Plugin::Simplecrud
Joshrabinowitz
·
Published
2019-07-17
·
Updated
2020-08-24
·
CVE-2019-1010084
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Dancer::Plugin::SimpleCRUD versions 1.14 and earlier
Description:
The issue is related to Incorrect Access Control, which may lead to unauthorized access to data. This occurs due to incorrect calls to the
ensure auth() wrapper, resulting in authentication checks not being applied to all routes.Recommendations:
For Dancer::Plugin::SimpleCRUD versions 1.14 and earlier, consider modifying the code to correctly apply the
ensure auth() wrapper to ensure authentication checks are applied to all routes. As a temporary workaround, review and manually enforce authentication checks for all routes until a proper fix is implemented.Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dancer::Plugin::Simplecrud