Description
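Publify versions 9.0.0.pre1 through 9.2.4 are vulnerable to Improper Access Control.
Users can self-register with the `guest` role even when the admin has not allowed registration. This happens
because the restriction is enforced only in the front end; the server side does not apply it.
The affected-software record below lists publify-core versions before 9.2.5, so 9.2.5 appears to be the first fixed release.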
Affected Software
{"id": "RUBY:PUBLIFY-CORE-2021-25973", "bulletinFamily": "software", "title": "Improper Authorization in Publify", "description": "In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control.\n`guest` role users can self-register even when the admin does not allow. This happens\ndue to front-end restriction only.\n", "published": "2021-11-03T00:00:00", "modified": "2021-11-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://rubysec.com/advisories/2021-25973/", "reporter": "RubySec", "references": ["https://github.com/advisories/GHSA-x24j-87x9-jvv5"], "cvelist": ["2021-25973"], "immutableFields": [], "type": "rubygems", "lastseen": "2021-12-13T16:39:09", "edition": 1, "viewCount": 2, "enchantments": {"backreferences": {"references": [{"idList": ["GHSA-X24J-87X9-JVV5"], "type": "github"}]}, "dependencies": {"references": [{"idList": ["GHSA-X24J-87X9-JVV5"], "type": "github"}], "rev": 4}, "exploitation": null, "score": {"value": 4.1, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "publify-core", "version": 9}, {"name": "publify-core", "version": 9}]}, "vulnersScore": 4.1}, "affectedSoftware": [{"name": "publify-core", "operator": "lt", "version": "9.0.0.pre1"}, {"name": "publify-core", "operator": "lt", "version": "9.2.5"}], "_state": {"dependencies": 1646382935, "score": 1659850087, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "df15c907857e8d31ffff5ef588b0ee04"}}
{}