What the vulnerability does
01Description
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.
Explanation of Vulnerability in Simple Terms
6Storage Rentals versions up to 2.19.5 lack proper authorization checks, allowing authenticated users to modify data they should not have access to. An attacker with a low-privilege account can alter records without proper permission validation. The vulnerability affects data integrity but does not expose sensitive information or disrupt availability.
What an attacker can do
Modify data belonging to other users or restricted records with a low-privilege account.
Potential impact on your site
Users' data can be altered by other authenticated users without authorization, compromising data integrity.
Conditions required to exploit
Attacker must have a valid user account with low-level privileges on the site.
Key dates
External resources