Veracode Vulnerability Database VERACODE:47349
History: Jun 04, 2024 - 9:24 a.m.

Improper Permission Check

2024-06-04 09:24:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
wagtail
vulnerability
improper permission check
settings module
admin access
settings models

CVSS3: 5.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

AI Score: 6.2
Confidence: High

EPSS: 0
Percentile: 9.0%

Wagtail is vulnerable to Improper Permission Check. The vulnerability is due to an improperly applied permission check in the wagtail.contrib.settings module, allowing users with admin access to modify settings models without proper permissions.
