Account Takeover (ATO)

Pageflow is vulnerable to account takeover ATO. An insecure direct object reference is possible due to improper restriction to the user membership base object. An attacker with the manager role can modify any users memberships, resulting in account takeover...

Information Disclosure

pageflow is vulnerable to information disclosure.The vulnerability exists in multiple functions in entry.rb and usermixin.rb because the lack of restrictions to database objects which allows an attacker to gain access to the data of associated database objects...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via startswith, endswith or contains search matchers which can be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force. Remediation Upgrade pageflow to...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a crafted request sent to the /admin/users/userid/memberships/membershipid endpoint containing an additional membershipentityid parameter. This will allow an attacker to update the...

Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

GHSA-QCQV-38JG-2R43 Pageflow vulnerable to insecure direct object reference in membership update endpoint

Impact Pageflow has a membership edit feature which allows users to edit the roles of user memberships associated with an account that they have the manager role to including their own. While the Entity dropdown select field is greyed out in the UI, an attacker can use tools which allow sending...

Pageflow vulnerable to sensitive user data extraction via Ransack query injection

Impact The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...

GHSA-WRRW-CRP8-979Q Pageflow vulnerable to sensitive user data extraction via Ransack query injection

Impact The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...

PT-2022-28272 · Pageflow · Pageflow

Name of the Vulnerable Software and Affected Versions: Pageflow versions prior to 14.5.2 Pageflow versions prior to 15.7.1 Description: The issue allows attackers to update membership objects associated with their own account to be associated with a different account, potentially compromising all...

PT-2022-28288 · Ransack +2 · Ransack +2

Name of the Vulnerable Software and Affected Versions: pageflow versions prior to 14.5.2 pageflow versions prior to 15.7.1 Description: The issue allows attackers to extract sensitive properties of database objects associated with users or entries belonging to an account they have access to. This...