Lucene search
+L

4 matches found

NVD
NVD
added 2025/01/06 4:15 p.m.24 views

CVE-2025-21611

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8CVSS0.00461EPSS
Exploits0References3
Circl
Circl
added 2025/01/06 3:44 p.m.7 views

CVE-2025-21611

creationtimestamp| type| source ---|---|--- 2025-01-06 15:44:23+00:00| seen| https://infosec.exchange/users/cve/statuses/113782178626856481 2025-01-06 16:16:09+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3jt4vtmb2l 2025-01-06 16:38:27+00:00| seen|...

8.8CVSS4.8AI score0.00461EPSS
Exploits0References6
CVE
CVE
added 2025/01/06 3:38 p.m.108 views

CVE-2025-21611

CVE-2025-21611 affects tgstation-server (BYOND server management). Before version 6.12.3, the authorization check for API methods used OR between the user-enabled status and the role, instead of AND. This error allowed enabled users to access most authorized actions regardless of their permission...

8.8CVSS8.6AI score0.00461EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/06 3:38 p.m.22 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8CVSS8.7AI score0.00461EPSS
Exploits0References3
Rows per page
Query Builder