Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR)
Summary: A low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized to view. The endpoint returns image bytes or a preview redirect without enforcing a per-asset view authorization check, leading to potenti...
CGA-RX73-RR3H-9383