Improper access control in Node Access Rebuild Progressive - #VU86918

 

Improper access control in Node Access Rebuild Progressive - #VU86918

Published: February 29, 2024


Vulnerability identifier: #VU86918
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: bellesmanieres
Affected software:
Node Access Rebuild Progressive

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected plugin does not sufficiently reset the state of content access when the module is uninstalled. A remote administrator can bypass implemented security restrictions and gain unauthorized access sensitive information.


Remediation

Install updates from vendor's website.

Sources