Incorrect privilege assignment in M-Files Server versions before 23.3.11164.0 and before 23.3.11237.1 allowed reading of unmanaged objects.
All M-Files Server versions before 18.104.22.168.0 and before 22.3.11237.1.
The “See and undelete deleted objects” permission incorrectly grants read access to undeleted unmanaged objects.
CVSS 3.1 Score: 2.4
CWE: CWE-269 Improper Privilege Management
CAPEC: CAPEC-233 Privilege Escalation
Internal ID: 161409
Date issued: 2022-11-30