Vulnerabilities > CVE-2020-26178 - Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |