Main Vulnerability Database Vulnerabilities #VU103249

Improper access control in AI (Artificial Intelligence) - #VU103249

Published: January 23, 2025

Vulnerability identifier: #VU103249

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: kevinquillen

Affected software:
AI (Artificial Intelligence)

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected plugin does not sufficiently check for access to view the preview listing of the logs. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

Sources

https://www.drupal.org/sa-contrib-2025-004

Improper access control in AI (Artificial Intelligence) - #VU103249

Detailed vulnerability description

Remediation

Sources

Please verify you're human