
CVE-2021-25973
Date: November 2, 2021
Overview
In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens because the restriction is enforced in the front end only.
Details
A user can still sign up for an account with “guest” privileges by browsing to the signup URL, even after the admin has disabled self-registration.
PoC Details
Log in to the application as admin. Go to the “/settings/index” endpoint and disable the feature that allows users to self-register. In incognito mode, browse to the sign-up endpoint and try to sign up as a new user. An external user is still able to create an account even though the admin has disabled the feature.
Affected Environments
Publify versions 9.0.0.pre1 to 9.2.4
Prevention
Update to Publify version v9.2.5
Language: Ruby
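The root cause described above, a setting that restricts only the front end while the sign-up endpoint still accepts requests, is modelled here next to a server-side check. This is an added Ruby illustration, not Publify's code or the v9.2.5 patch; `BlogApp`, `Settings`, `signup_frontend_only` and `signup_enforced` are hypothetical names, and the hidden sign-up link is an assumed form of the front-end restriction.

```ruby
# Added illustration, not Publify's code: every name here is hypothetical.
Settings = Struct.new(:allow_signup)
User = Struct.new(:login, :role)
class SignupDisabled < StandardError; end

class BlogApp
  attr_reader :users

  def initialize(settings)
    @settings = settings
    @users = []
  end

  # Front end (assumed): the sign-up link disappears when the admin disables it.
  def login_page_links
    @settings.allow_signup ? ["Sign in", "Sign up"] : ["Sign in"]
  end

  # Vulnerable pattern: the endpoint never consults the setting, so hiding
  # the link is the only restriction.
  def signup_frontend_only(login)
    create_guest(login)
  end

  # Hardened pattern: the same setting is enforced server-side before any
  # account record is created.
  def signup_enforced(login)
    raise SignupDisabled, "self-registration is disabled" unless @settings.allow_signup
    create_guest(login)
  end

  private

  def create_guest(login)
    User.new(login, "guest").tap { |u| @users << u }
  end
end

# Regression check with self-registration disabled (constructed sample input).
def demo
  app = BlogApp.new(Settings.new(false))
  result = { links: app.login_page_links }
  result[:frontend_only_role] = app.signup_frontend_only("visitor1").role
  result[:enforced] = begin
    app.signup_enforced("visitor2")
    :created
  rescue SignupDisabled
    :rejected
  end
  result[:user_count] = app.users.size
  result
end
```

A check of this shape, written as a request-level test against the real sign-up route with the setting turned off, is what confirms that an upgraded instance rejects registration rather than only hiding it.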
Good to know:


Base Score: | |
---|---|
Attack Vector (AV): | Network |
Attack Complexity (AC): | Low |
Privileges Required (PR): | None |
User Interaction (UI): | None |
Scope (S): | Unchanged |
Confidentiality (C): | Low |
Integrity (I): | Low |
Availability (A): | None |
Base Score: | |
---|---|
Access Vector (AV): | Network |
Access Complexity (AC): | Low |
Authentication (AU): | None |
Confidentiality (C): | Partial |
Integrity (I): | Partial |
Availability (A): | None |
Additional information: |