CVE-2022-1606: Incorrect Privilege Assignment
DESCRIPTION:
Incorrect privilege assignment in M-Files Server versions before 23.3.11164.0 and before 23.3.11237.1 allowed reading of unmanaged objects.
AFFECTED PRODUCTS:
All M-Files Server versions before 22.3.111.64.0 and before 22.3.11237.1.
MORE INFORMATION:
"See and undelete deleted objects" permission incorrectly gives access to read undeleted unmanaged objects.
CVSS 3.1 Score: 2.4
CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
CWE: CWE-269 Improper Privilege Management
CAPEC: CAPEC-233 Privilege Escalation
Internal ID: 161409
Date issued: 2022-11-30
LINKS