SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
References
Link | Resource |
---|---|
https://cwe.mitre.org/data/definitions/321.html | Technical Description |
https://forum.soplanning.org/viewforum.php?f=8 | Vendor Advisory |
https://labs.integrity.pt/advisories/cve-2020-13963/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-21T20:57:32
Updated: 2022-07-10T20:16:12
Reserved: 2020-06-09T00:00:00
Link: CVE-2020-13963
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-21T21:15:12.530
Modified: 2022-11-05T02:04:33.607
Link: CVE-2020-13963
JSON object: View
Redhat Information
No data.
CWE