CVE-2021-25973

Date: November 2, 2021

Overview

Publify versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. Users can self-register with the “guest” role even when the admin does not allow it, because the restriction is enforced only in the front end.

Details

A user can sign up for an account with “guest” privileges by browsing directly to the signup URL, even after the admin has disabled self-registration.

PoC Details

Log in to the application as admin. Go to the “/settings/index” endpoint and disable the feature that allows users to self-register.
In incognito mode, browse to the sign-up endpoint and try to sign up as a new user. An external user is still able to create an account even though the admin has disabled the feature.
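The flaw class described above, shown as an added example that is not Publify's code: a setting that only hides the sign-up link, next to a handler that repeats the check where the account is created. All class names, the `/signup` and `/login` paths and the status codes are assumptions made for the illustration.

```ruby
# Added illustration; every name and path here is hypothetical, not Publify's code.
Settings = Struct.new(:allow_signup)
Response = Struct.new(:status, :body)

class FrontEndOnlySignup
  def initialize(settings, users)
    @settings = settings
    @users = users
  end

  # The only place the setting is consulted: the link is left out of the page.
  def login_page
    links = ["/login"]
    links << "/signup" if @settings.allow_signup
    Response.new(200, links)
  end

  # The handler never checks the setting, so a direct request still succeeds.
  def create(login)
    @users << { login: login, role: "guest" }
    Response.new(201, "created")
  end
end

class ServerEnforcedSignup < FrontEndOnlySignup
  # Same page rendering, but the decision is enforced where the account is created.
  def create(login)
    return Response.new(403, "signup disabled") unless @settings.allow_signup
    super
  end
end

# Runs both handlers with self-registration disabled and reports the outcome.
def demo
  settings = Settings.new(false) # admin has disabled self-registration
  weak_users = []
  fixed_users = []
  weak  = FrontEndOnlySignup.new(settings, weak_users)
  fixed = ServerEnforcedSignup.new(settings, fixed_users)
  {
    link_hidden:  !weak.login_page.body.include?("/signup"),
    weak_status:  weak.create("visitor").status,
    weak_count:   weak_users.size,
    fixed_status: fixed.create("visitor").status,
    fixed_count:  fixed_users.size
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

A regression test for this class of bug should request the sign-up handler directly with the feature disabled, rather than asserting only that the link is absent from the rendered page.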

Affected Environments

Publify versions 9.0.0.pre1 to 9.2.4

Prevention

Update to Publify version v9.2.5

Language: Ruby

Good to know:

CWE-285: Improper Authorization

CWE-669: Incorrect Resource Transfer Between Spheres

CWE-863: Incorrect Authorization

Upgrade Version

Upgrade to version publify_core - 9.2.5

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None