CVE-2021-25991

In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
MendCNA
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
if-meifme
5.0.0 ≤
𝑥
≤ 7.32
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991