Lucene search
Veracode Vulnerability DatabaseVERACODE:33193HistoryDec 07, 2021 - 8:22 a.m.
Privilege Escalation
2021-12-0708:22:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
21.4%
invenio_drafts_resources is vulnerability to privilege escalation. An authenticated user is able to publish draft records of other users via REST API calls when they know the record identifier and the draft validates due to improper permission checks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| invenio-drafts-resources | le | 0.14.5 | |
| invenio-drafts-resources | le | 0.14.5 |
Related
prion
prion
Design/Logic Flaw
2021-12-06 18:15:00
github
github
Permissions not properly checked in Invenio-Drafts-Resources
2021-12-06 23:57:59
osv
osv
PYSEC-2021-836
2021-12-06 18:15:00
CVE-2021-43781
2021-12-06 18:15:08
Permissions not properly checked in Invenio-Drafts-Resources
2021-12-06 23:57:59
cvelist
cvelist
CVE-2021-43781 Permissions not properly checked in Invenio-Drafts-Resources
2021-12-06 17:45:10
nvd
nvd
CVE-2021-43781
2021-12-06 18:15:08
cve
cve
CVE-2021-43781
2021-12-06 18:15:08