Skip to main content

Authorization Bypass Through User-Controlled Key

CVE-2021-3964

Severity Medium
Score 5.9/10

Summary

elgg prior to 3.3.22 and 4.x prior to 4.0.4 is vulnerable to Authorization Bypass Through User-Controlled Key

  • HIGH
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-639 - Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Advisory Timeline

  • Published