Remote User Authentication Vulnerability Affects Paperless-ngx Document Management System

CVE-2024-35184

5.5MEDIUM

Key Information

Vendor: Paperless-ngx
Status: Paperless-ngx
Vendor: CVE Published:; 15 May 2024

Summary

Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the issue.

Affected Version(s)

paperless-ngx = >= 2.5.0, < 2.8.6

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
May 15, 2024
Vulnerability Reserved.
May 10, 2024

Collectors

NVD DatabaseMitre Database