Veracode Vulnerability DatabaseVERACODE:48654Improper Authorization
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
16.7%
getkirby/cms is vulnerable to Improper Authorization. The vulnerability is due to the insufficient permission checks in the language settings. An attacker with Panel access can manipulate language definitions by exploiting these missing checks.
References
github.com/advisories/GHSA-jm9m-rqr3-wfmh
github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
github.com/getkirby/kirby/releases/tag/3.10.1.1
github.com/getkirby/kirby/releases/tag/3.6.6.6
github.com/getkirby/kirby/releases/tag/3.7.5.5
github.com/getkirby/kirby/releases/tag/3.8.4.4
github.com/getkirby/kirby/releases/tag/3.9.8.2
github.com/getkirby/kirby/releases/tag/4.3.1
github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
16.7%