What the vulnerability does
01Description
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.
CVSS base score
CVSS vector
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N
What the vulnerability does
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.
Key dates
External resources