4 matches found
CVE-2025-21611
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...
CVE-2025-21611
creationtimestamp| type| source ---|---|--- 2025-01-06 15:44:23+00:00| seen| https://infosec.exchange/users/cve/statuses/113782178626856481 2025-01-06 16:16:09+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3jt4vtmb2l 2025-01-06 16:38:27+00:00| seen|...
CVE-2025-21611
CVE-2025-21611 affects tgstation-server (BYOND server management). Before version 6.12.3, the authorization check for API methods used OR between the user-enabled status and the role, instead of AND. This error allowed enabled users to access most authorized actions regardless of their permission...
CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...