CVE-2021-3992

Published: Dec 1, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

kimai2 is vulnerable to Improper Access Control

Affected (1)

Products: Kimai2 Project: Kimai2

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kimai2 Project Kimai2	Before 1.16.2

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://github.com/kevinpapst/kimai2/commit/ff9acab0fc81f0e9490462739ef15fe4ab028ea5

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/a0c438fb-c8e1-40cf-acc6-c8a532b80b93

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://github.com/kevinpapst/kimai2/commit/ff9acab0fc81f0e9490462739ef15fe4ab028ea5

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/a0c438fb-c8e1-40cf-acc6-c8a532b80b93

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.