Insufficient Granularity of Access Control

CVE-2021-20066

Severity: Medium
Score: 5.6/10

Summary

JSDom improperly allows the loading of local resources, which allows local files to be manipulated by a malicious web page when script execution is enabled. NOTE: This vulnerability is disputed by JSDom's maintainers, as mentioned in the issue page.

  • HIGH
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • LOW

CWE-1220 - Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

Advisory Timeline

  • Published