CVE-2021-25973

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
6.4
MEDIUM
Affected
1
PROJECT

Description

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

publify/publify
publify/publify
A self hosted Web publishing platform on Rails.
GitHubGitHub
1.86K