PT-2023-32573 · M Files · M-Files Server
Published
2023-11-28
·
Updated
2024-08-28
·
CVE-2023-6239
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
M-Files Server versions 23.9 through 23.11 before 23.11.13168.7
Description
The issue arises under rare conditions when an object in M-Files Server has a specific configuration of metadata-driven permissions, potentially leading to incorrect calculation of the object's effective permissions. This could enable unauthorized access to the object.
Recommendations
For M-Files Server versions 23.9 through 23.11 before 23.11.13168.7, update to version 23.11.13168.7 or later to resolve the issue.
Fix
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
M-Files Server