Remote User Authentication Vulnerability Affects Paperless-ngx Document Management System
CVE-2024-35184

5.5MEDIUM

Key Information:

Vendor
Paperless-ngx
Status
Paperless-ngx
Vendor
CVE Published:
15 May 2024

Summary

Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the issue.

Affected Version(s)

paperless-ngx >= 2.5.0, < 2.8.6

References

https://github.com/paperless-ngx/paperless-ngx/security/a...
x_refsource_CONFIRM
https://github.com/paperless-ngx/paperless-ngx/pull/6739
x_refsource_MISC
https://github.com/paperless-ngx/paperless-ngx/commit/ed0...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.