Improper Access Control in Cerebrate Affects Unprivileged Users
CVE-2022-25318

4.3MEDIUM

Key Information:

Vendor

Cerebrate-project

Status
Cerebrate
Vendor
CVE Published:
18 February 2022

What is CVE-2022-25318?

An issue was identified in Cerebrate up to version 1.4 where an incorrect Access Control List (ACL) for sharing groups permitted unprivileged users to modify and edit sharing groups. This flaw could lead to unauthorized changes and potential data breaches, as users without appropriate permissions could manipulate group settings, affecting data integrity and confidentiality. Users should implement necessary patches and access controls to mitigate these vulnerabilities.

References

https://github.com/cerebrate-project/cerebrate/commit/151...
https://zigrin.com/advisories/cerebrate-an-incorrect-shar...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.