Vulnerabilities > CVE-2020-26178 - Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
tangro
CWE-639
NVD
Published: 2020-12-18
Updated: 2020-12-21

Summary

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.

Vulnerable Configurations

Part Description Count
Application
Tangro
1

Common Weakness Enumeration (CWE)

References