CVE-2021-25973

Medium

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does…

Mend·CWE-285·Published 2021-11-02

CVSS

6.5

EPSS

0.01

KEV

Exploits

cve.orgen

195 chars

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

NVDen

195 chars

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. `guest` role users can self-register even when the admin does not allow it. This happens due to front-end restriction only.

GHSAen

198 chars

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. `guest` role users can self-register even when the admin does not allow it. This happens due to front-end restriction only.

NVDes

254 chars

En Publify, versiones 9.0.0.pre1 a 9.2.4, son vulnerables a un Control de Acceso Inapropiado. Los usuarios con rol "guest" pueden auto registrarse incluso cuando el administrador no lo permite. Esto sucede debido a una restricción del front-end solamente

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	NVD	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	NVD	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	GHSA	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N