Moderate severityNVD Advisory· Published May 16, 2022· Updated Sep 16, 2024
Improper Privilege Management in Crafter Studio
CVE-2021-23265
Description
A logged-in and authenticated user with a Reviewer Role may lock a content item.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.craftercms:craftercmsMaven | >= 3.1.0, < 3.1.18 | 3.1.18 |
Affected products
1- Range: 3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-fj9v-g8fw-vxmfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23265ghsaADVISORY
- docs.craftercms.org/en/3.1/security/advisory.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.