
We found results for “”
WS-2023-0279
Good to know:

Date: June 28, 2023
The ability to edit groups owned by any user. in limesurvey/limesurvey. Improper Authorization in Export role function in limesurvey/limesurvey
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Improper Authorization
CWE-285Top Fix

Upgrade Version
Upgrade to version limesurvey/limesurvey - dev-bug/19550-fix-get-class-wihout-arguments;limesurvey/limesurvey - 5.0.0+210526;limesurvey/limesurvey - 6.1.8+230717;limesurvey/limesurvey - dev-fix-spss-token-length;limesurvey/limesurvey - 2.2.5;limesurvey/limesurvey - dev-install-command-rpc;limesurvey/limesurvey - 5.6.31+230718;limesurvey/limesurvey - dev-dependabot/npm_and_yarn/assets/packages/lstutorial/terser-5.14.2;limesurvey/limesurvey - dev-master-innodb;limesurvey/limesurvey - dev-detached2;limesurvey/limesurvey - dev-dependabot/npm_and_yarn/assets/packages/lstutorial/loader-utils-2.0.3;limesurvey/limesurvey - dev-findfix6;limesurvey/limesurvey - 5.3.7+220328;limesurvey/limesurvey - 5.3.26+220720
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | LOW |