Improper Access Control in publify
Published: May 24, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2022-1810 (NVD)
- GHSA: GHSA-c273-c6vg-4pv5
- Vendor Advisory: https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce
GEM
SEVERITY
CVSS v3.x: 4.3 (Medium)
PATCHED VERSIONS
>= 9.2.9
DESCRIPTION
In publify versions prior to 9.2.9, a low-privileged user can modify and delete articles belonging to an admin just by changing the value of the article[id] parameter.
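The class of flaw described above, shown as an added example that is not publify's code: a handler that trusts the client-supplied article[id], next to one that authorizes the lookup against the current user. All names (Article, User, update_unchecked, update_checked, delete_checked, manageable?) and the sample data are hypothetical and constructed for illustration.

```ruby
# Added illustration; not publify's code. All names are hypothetical.
Article = Struct.new(:id, :owner, :title)
User    = Struct.new(:login, :admin)

class AccessDenied < StandardError; end

# Constructed sample data: one admin-owned article, one owned by a
# low-privileged user.
def sample_store
  { 1 => Article.new(1, "admin", "Admin post"),
    2 => Article.new(2, "bob", "Bob's draft") }
end

# Vulnerable pattern: the record is looked up by the client-supplied id
# and the caller's relationship to that record is never checked.
def update_unchecked(store, _user, params)
  article = store.fetch(Integer(params.dig("article", "id")))
  article.title = params.dig("article", "title")
  article
end

# Authorization rule assumed for this example: admins manage everything,
# other users manage only their own articles.
def manageable?(user, article)
  user.admin || article.owner == user.login
end

# Hardened pattern: authorize the resolved record before any change.
# Missing and forbidden ids raise the same error, so the response does
# not reveal which ids exist.
def authorized_article(store, user, id)
  article = store[Integer(id)]
  raise AccessDenied, "not permitted" if article.nil? || !manageable?(user, article)
  article
end

def update_checked(store, user, params)
  article = authorized_article(store, user, params.dig("article", "id"))
  article.title = params.dig("article", "title")
  article
end

def delete_checked(store, user, id)
  store.delete(authorized_article(store, user, id).id)
end
```
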
