•  
      request #29642 Project "homepage" does not correctly verify permissions
    Infos
    #29642
    Thomas Gerbet (tgerbet)
    2022-12-12 09:56
    2022-11-30 10:07
    31230
    Details
    Project "homepage" does not correctly verify permissions

    Project level authorizations are not properly verified when accessing the project "homepage"/dashboards.

    Impact

    Users not able to access a project might still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...).

    CVSSv3.1 score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

    References

    CWE 285
    CVE-2022-46160

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2022-11-30
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2022-11-30 17:25

    CVE-2022-46160 has been assigned to this vulnerability.


    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes