CVE-2022-4270: Incorrect privilege assignment

DESCRIPTION:

Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.

AFFECTED PRODUCTS:

M-Files Web Classic version before 22.5.11436.1.
M-Files Web vNext version before 22.5.11436.1.

MORE INFORMATION:

User with access to a document with special ACL may have accidentally saved the document with incorrect default permissions. This vulnerability did not allow an attacker without the privileges to obtain more permissions. Vulnerability required very specific configuration.

CVSS 3.1 Score: 2.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

CWE: CWE-266: Incorrect Privilege Assignment
CAPEC: CAPEC-122 Privilege Abuse

Internal ID: 162944,162904

Date issued: 2022-12-02

LINKS

https://www.cve.org/CVERecord?id=CVE-2022-4270