CVE-2021-25991

Published: Dec 29, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.1 / Impact: 5.2

Source: NVD

Description

In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.

Affected (1)

Products: If Me: Ifme

If Me

1 product

Ifme

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
If Me Ifme	From 5.0.0 to 7.32

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923

Source: vulnerabilitylab@mend.io

PatchThird Party Advisory

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991

Source: vulnerabilitylab@mend.io

ExploitThird Party Advisory

https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.