CVE-2017-8383Improper Access Control in Craft CMS

CWE-284Improper Access Control4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 45.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Craftcms CMSCraftcms Craft CMS
Timeline
PublishedMay 1
Latest updateMay 13

Description

Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

Packagistcraftcms/cms< 2.6.2976
NVDcraftcms/craft_cms2.6.2974

🔴Vulnerability Details

3
OSV
Craft CMS Unauthorized View2022-05-13
GHSA
Craft CMS Unauthorized View2022-05-13
CVEList
CVE-2017-8383: Craft CMS before 22017-05-01
CVE-2017-8383 — Improper Access Control in Craft CMS | cvebase