What the vulnerability does
01Description
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.
Explanation of Vulnerability in Simple Terms
GoCache versions up to 1.3.6 lack proper authorization checks, allowing authenticated users to modify or disable caching functionality. An attacker with low-level site access can alter cache settings or availability without proper permission validation. This affects data integrity and site performance for installations running the vulnerable versions.
What an attacker can do
Modify or disable cache settings and functionality without proper authorization.
Potential impact on your site
Unauthorized users can degrade site performance or alter caching behavior, potentially affecting content delivery.
Conditions required to exploit
Attacker must have a low-privilege authenticated account on the site.
Key dates
External resources