VWE-2020-6013 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2020-6013
This page is a chapter in Info Known Vulnerabilities

This page has been seen 133,894 times.

- Created by
  pegasus
  on October 16, 2021

Common Name None
VWE-ID VWE-2020-6013
Related Report None
Severity LOW
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. If the URL is accessed directly, a user without permission to manage a feed's entries can access the form that allows modifying an individual entry; however, the user would not be able to save any changes.

Discovered November 28, 2020
Resolved December 13, 2020
Patches Available 4.1.1 Patch Level 1
4.1.0 Patch Level 3
4.1.0 RC 3 Patch Level 5
4.1.0 RC 2 Patch Level 6
4.1.0 RC 1 Patch Level 7
4.0.28 Patch Level 7
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2020-6013
Related Report	None
Severity	LOW
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. If the URL is accessed directly, a user without permission to manage a feed's entries can access the form that allows modifying an individual entry; however, the user would not be able to save any changes.
Discovered	November 28, 2020
Resolved	December 13, 2020
Patches Available	4.1.1 Patch Level 1 4.1.0 Patch Level 3 4.1.0 RC 3 Patch Level 5 4.1.0 RC 2 Patch Level 6 4.1.0 RC 1 Patch Level 7 4.0.28 Patch Level 7