CVE-2021-25973 - Incorrect Resource Transfer Between Spheres vulnerability in Publify Project Publify
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: LOW
- Integrity impact: LOW
- Availability impact: NONE

Summary
Publify versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. Users with the “guest” role can self-register even when the admin does not allow it. This happens because the restriction is enforced only in the front end.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 15 |
Common Weakness Enumeration (CWE)
References
- https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973