Lucene search

M-Files CorporationCVELIST:CVE-2023-6239

HistoryNov 28, 2023 - 2:07 p.m.

CVE-2023-6239 Incorrect calculation of effective permissions

2023-11-2814:07:20

CWE-281

M-Files Corporation

www.cve.org

cve-2023-6239

metadata-driven permissions

unauthorized access

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "M-Files Server",
    "vendor": "M-Files",
    "versions": [
      {
        "status": "affected",
        "version": "23.9"
      },
      {
        "status": "affected",
        "version": "23.10"
      },
      {
        "lessThan": "23.11.13168.7",
        "status": "affected",
        "version": "23.11",
        "versionType": "custom"
      }
    ]
  }
]

References

product.m-files.com/security-advisories/cve-2023-6239/

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Related for CVELIST:CVE-2023-6239