CVE-2022-1553 Leaking password protected articles content due to improper access control in publify/publify

2022-05-1614:31:58

CWE-284

@huntrdev

www.cve.org

cve-2022-1553

leaking content

improper access control

github repository

publify website

confidentiality

integrity

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.1%

JSON

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.

CNA Affected

[
  {
    "product": "publify/publify",
    "vendor": "publify",
    "versions": [
      {
        "lessThan": "9.2.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]