CVE-2021-25991

EUVD-2021-12816
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
MendCNA
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
if-meifme
5.0.0 ≤
𝑥
≤ 7.32
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991