| Title | GitHub OpnForm 1.9.3 Improper Access Controls |
|---|
| Description | Title: Improper Access Controls on /edit
Description: A low privileged user with read-only restrictions is able to view the settings of a form in the /edit endpoint. This can allow a form’s password and other form settings to be leaked.
The vulnerability has been confirmed by the vendor to have been patched in v1.9.3 main branch with commit b15e29021d326be127193a5dbbd528c4e37e6324.
Please see the attached Google Doc link for more information under 7. Improper Access Controls on the /forms/<form-slug>/edit Endpoint and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/b15e29021d326be127193a5dbbd528c4e37e6324 |
|---|
| Source | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.t78mmp24qqk5 |
|---|
| User | balejin (UID 89385) |
|---|
| Submitted | 01/10/2025 21:06 (9 months ago) |
|---|
| Moderated | 07/10/2025 15:17 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327377 [JhumanJ OpnForm up to 1.9.3 /edit privilege escalation] |
|---|
| Points | 20 |
|---|