Vulnerability Note VU#236703
ActiveCollab permissions failure
An authenticated user can view and delete projects or files that they are not assigned to.
An authenticated user with no permission to a project can subscribe to the project, delete files, and possibly take other actions by loading a specifically crafted URL. Specific fields for the URL would most likely not be known to the attacker but a brute force attack could still be used to try all possibilities. ActiveCollab 2.3.1 is known to be vulnerable. Earlier versions may be vulnerable as well.
An authenticated attacker could view or modify projects they are not assigned to, resulting in loss of data integrity and confidentiality. An unauthenticated attacker may use a cross-site request forgery (XSRF) attack to trick an authenticated user into visiting a specifically crafted malicious URL as well.
Upgrade to ActiveCollab 2.3.2 or newer.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|A51 DOO||Affected||19 Aug 2010||20 Aug 2010|
CVSS Metrics (Learn More)
Thanks to Robin Wood for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2010-0215
- Date Public: 04 Oct 2010
- Date First Published: 04 Oct 2010
- Date Last Updated: 04 Oct 2010
- Severity Metric: 0.00
- Document Revision: 25
If you have feedback, comments, or additional information about this vulnerability, please send us email.