2 matches found
GHSA-39VQ-49QM-R2MC Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...
Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...