What the vulnerability does
Description
Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetTabs: from n/a through <= 2.2.12.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
JetTabs through version 2.2.12 fails to properly check user permissions before allowing access to sensitive data. An authenticated user with low privileges can read information they should not have access to. The vulnerability requires a valid user account but no special interaction. Update to a version newer than 2.2.12.
What an attacker can do
Read sensitive data they should not have access to as a low-privilege authenticated user.
Potential impact on your site
Unauthorized users can access confidential information stored in JetTabs, risking data exposure.
Conditions required to exploit
Attacker must have a valid user account with low privileges on the site.
Key dates
External resources