CVE-2022-0574 (publify_core): Incorrect Authorization in publify

Incorrect Authorization in publify

Published: May 17, 2022

SECURITY IDENTIFIERS

CVE: CVE-2022-0574 (NVD)
GHSA: GHSA-79m3-q3wh-c3qm
Vendor Advisory: https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739

GEM

publify_core

SEVERITY

CVSS v3.x: 6.5 (Medium)

PATCHED VERSIONS

>= 9.2.8

DESCRIPTION

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode.

https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f

RubySec