CVE-2021-41189 HIGH

CVE-2021-41189: Communities and collections administrators can escalate their privilege up to system administrator

Vendor Dspace

Product DSpace

Weakness CWE-863 · Incorrect authorization

Published October 29, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.

Key dates

02Disclosure timeline

October 29, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-41189

Related vulnerabilities

CVE-2021-41189: Communities and collections administrators can escalate their privilege up to system administrator

01Description

02Disclosure timeline

03References

04Related CVE