What the vulnerability does
01Description
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Path Traversal.This issue affects 6Storage Rentals: from n/a through <= 2.20.2.
Explanation of Vulnerability in Simple Terms
6Storage Rentals versions up to 2.20.2 fail to properly check user permissions before allowing access to sensitive data. An authenticated user with low privileges can read information they should not have access to. The vulnerability does not allow modification or deletion of data, only unauthorized viewing.
What an attacker can do
Read sensitive data they should not have access to.
Potential impact on your site
User data may be exposed to other authenticated users with lower privilege levels.
Conditions required to exploit
Attacker must have a low-privilege account on the site.
Key dates
External resources