What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation.This issue affects Media Author: from n/a through <= 1.0.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation.This issue affects Media Author: from n/a through <= 1.0.4.
Explanation of Vulnerability in Simple Terms
Media Author versions 1.0.4 and earlier contain an improper access control vulnerability. An authenticated administrator can modify site data or cause the application to become unavailable. The vulnerability requires high-level privileges and does not affect data confidentiality. A patch version has not been publicly identified.
What an attacker can do
An authenticated admin can corrupt or delete site data, or make the application unavailable.
Potential impact on your site
An admin account compromise could result in data loss or site downtime without affecting user passwords or private content.
Conditions required to exploit
Attacker must have administrator-level access to the site.
Key dates
External resources
Related vulnerabilities