Отправить #639750: Github Papermerge 3.5.3 Improper Access ControlsИнформация

Название	Github Papermerge 3.5.3 Improper Access Controls
Описание	Papermerge, developed by ciur, is vulnerable to Broken Function Level Authorization in its folder deletion functionality. A remote authenticated attacker can delete resources belonging to other users by supplying a valid authorization token from a different account. This allows unauthorized resource deletion, leading to loss of data integrity and availability.
Источник	⚠️ https://docs.google.com/document/d/19j0mCR-QOuhlxAJMir00Z8_MZdydVdmE_Ak09ra2NHw/edit?usp=sharing
Пользователь	unhingedazrael (UID 89347)
Представление	22.08.2025 09:37 (10 месяцы назад)
Модерация	10.09.2025 12:09 (19 days later)
Статус	принято
Запись VulDB	323482 [Papermerge DMS до 3.5.3 Authorization Token эскалация привилегий]
Баллы	18

Want to stay up to date on a daily basis?

Enable the mail alert feature now!