An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.
References
Link | Resource |
---|---|
https://aleksis.org/2022-05-04_advisory.html | Broken Link Vendor Advisory |
https://edugit.org/AlekSIS/official/AlekSIS-Core/-/issues/688 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-03T20:11:07
Updated: 2022-06-09T16:28:55
Reserved: 2022-04-25T00:00:00
Link: CVE-2022-29773
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-03T21:15:07.967
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-29773
JSON object: View
Redhat Information
No data.
CWE