PT-2024-39579 · M Files · M-Files Connector For Copilot
Published
2024-10-01
·
Updated
2026-02-23
·
CVE-2024-9333
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
M-Files Connector for Copilot versions prior to 24.9.3
Description
The issue allows an authenticated user to bypass permissions and access a limited amount of documents due to an incorrect access control list calculation.
Recommendations
For versions prior to 24.9.3, update to version 24.9.3 or later to resolve the issue.
Fix
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
M-Files Connector For Copilot