Incorrect privilege assignment issue in M-Files Web in M-Files Web versions beforeÂ 22.5.11436.1 could have changed permissions accidentally.
M-Files Web Classic version before 22.5.11436.1.
M-Files Web vNext version before 22.5.11436.1.
User with access to a document with special ACL may have accidentally saved the document with incorrect default permissions. This vulnerability did not allow an attacker without the privileges to obtain more permissions. Vulnerability required very specific configuration.
CVSS 3.1 Score: 2.0
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
CWE: CWE-266: Incorrect Privilege Assignment
CAPEC: CAPEC-122 Privilege Abuse
Internal ID: 162944,162904
Date issued: 2022-12-02