Description
Rare issue, where the calculation of effective permissions could produce a faulty result if an object used a specific configuration of metadata-driven permissions.
Affected products
M-Files Server 23.9 M-Files Server 23.10 M-Files Server 23.11 versions prior to 23.11.13168.7
More information
Fixed in 23.11 Service Release 1 (version 23.11.13168.7). Updated to cloud servers during maintenance break on November 26th. CVSS 3.1 Base Score: 5.4 CVSS 3.1 Temporal Score: N/A CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CWE: CWE-281 Improper Preservation of Permissions CAPEC: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels Internal ID: 169036 Date issued: 2023-11-21
Exploitability
Publicly disclosed: No Exploited: Unknown Propability of exploitation: low – responsibly reported
