CVE-2020-26506

Published: Nov 5, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.

Affected (1)

Products: Marmind: Marmind

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Marmind Marmind	Version 4.1.141.0

Related CWEs

Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://www.marmind.com/en/

Source: cve@mitre.org

Product

https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.marmind.com/en/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.