CVE-2017-15680 – org.craftercms:crafter-core

Package

Manager: maven
Name: org.craftercms:crafter-core
Vulnerable Version: >=3.0.0 <3.0.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00919 pctl0.75087

Details

Missing Authorization in Crafter CMS In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

Metadata

Created: 2022-05-24T17:34:59Z
Modified: 2022-06-03T15:51:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rr8-9c6g-8j5c/GHSA-2rr8-9c6g-8j5c.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-2rr8-9c6g-8j5c
Finding: F039
Auto approve: 1