Remote User Authentication Vulnerability Affects Paperless-ngx Document Management System
CVE-2024-35184

5.5MEDIUM

Key Information:

Vendor: Paperless-ngx
Status: Paperless-ngx
Vendor: CVE Published:; 15 May 2024

🔔 Create Paperless-ngx Vulnerability Alert

What is CVE-2024-35184?

Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the issue.

Affected Version(s)

paperless-ngx >= 2.5.0, < 2.8.6

References

https://github.com/paperless-ngx/paperless-ngx/security/a...

x_refsource_CONFIRM

https://github.com/paperless-ngx/paperless-ngx/pull/6739

x_refsource_MISC

https://github.com/paperless-ngx/paperless-ngx/commit/ed0...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
May 10, 2024

.

CVE-2024-35184 : Remote User Authentication Vulnerability Affects Paperless-ngx Document Management System