MEDIUM🇬🇧 English

CVE-2021-25991

CVSS 5.7v3.1pub. 2021-12-29upd. 2024-11-21

In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  • If Me Ifme

    APP
    If-Me
    5.0.0 – 7.32
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-25992CRITICAL9.8ten sam produkt

In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated l...

CVE-2021-25988MEDIUM5.4ten sam produkt

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) w...

CVE-2021-25989MEDIUM5.4ten sam produkt

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. I...

CVE-2021-25990MEDIUM5.4ten sam produkt

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allo...