Design/Logic Flaw

2009-02-1100:30:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the “double click selector bug”; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to “change permissions” and the “new UI.”

CPENameOperatorVersion
animal_shelter_managereq1.38
animal_shelter_managereq2.2.0
animal_shelter_managereq1.3
animal_shelter_managereq1.30.0-beta
animal_shelter_managereq2.1.1
animal_shelter_managereq1.32
animal_shelter_managereq2.0.8
animal_shelter_managereq2.0.16
animal_shelter_managereq2.0.1
animal_shelter_managereq2.0.18

Name	Operator	Version
animal_shelter_manager	eq	1.38
animal_shelter_manager	eq	2.2.0
animal_shelter_manager	eq	1.3
animal_shelter_manager	eq	1.30.0-beta
animal_shelter_manager	eq	2.1.1
animal_shelter_manager	eq	1.32
animal_shelter_manager	eq	2.0.8
animal_shelter_manager	eq	2.0.16
animal_shelter_manager	eq	2.0.1
animal_shelter_manager	eq	2.0.18