CVE-2014-3521

CWE-264CWE-862Missing Authorization5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 64.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Conga
Timeline
PublishedOct 6
Latest updateMay 17

Description

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

NVDredhat/conga0.12.2

🔴Vulnerability Details

2
GHSA
GHSA-grqp-fw5g-3f7r: The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 02022-05-17
CVEList
CVE-2014-3521: The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 02014-10-06

📋Vendor Advisories

1
Red Hat
luci: unauthorized administrative access granted to non-administrative users2014-09-16

💬Community

1
Bugzilla
CVE-2014-3521 luci: unauthorized administrative access granted to non-administrative users2014-06-24