PT-2022-10452 · SolarWinds · Serv-U

Published: 2022-05-17 · Updated: 2022-10-27 · CVE-2021-35249

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

No specific software or versions are mentioned.

Description

This issue pertains to a broken access control vulnerability where a domain admin can access configuration and user data of other domains without authorization. The access is read-only, meaning the admin cannot modify the data. This leads to a data leak, as unauthorized users can access domain data without a log of their access, unless they attempt to modify it. The read-only activity is logged, but it is logged to the original domain and does not specify which domain was accessed.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2021-35249

Affected Products: Serv-U