Overview
An authenticated user can view and delete projects or files that they are not assigned to.
Description
An authenticated user with no permission to a project can subscribe to the project, delete files, and possibly take other actions by loading a specifically crafted URL. The specific URL fields would most likely not be known to the attacker, but a brute-force attack could still be used to try all possibilities. ActiveCollab 2.3.1 is known to be vulnerable. Earlier versions may be vulnerable as well.
Impact
An authenticated attacker could view or modify projects they are not assigned to, resulting in loss of data integrity and confidentiality. An unauthenticated attacker may also use a cross-site request forgery (XSRF) attack to trick an authenticated user into visiting a specifically crafted malicious URL.
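The two weaknesses described above (a handler that trusts project and file ids in the URL without checking the caller's assignment, and a state-changing action reachable through a plain link) are shown below as an added example, side by side with a hardened handler. This is illustrative Python written for this note, not ActiveCollab's own code; the store layout, session object and status codes are assumptions.

```python
"""Per-project authorization and XSRF protection for a file-delete action."""
from dataclasses import dataclass, field
import hmac
import secrets


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Store:
    members: dict  # project id -> set of users assigned to it
    files: dict    # project id -> set of file ids


def sample_store():
    """Constructed sample data: two projects with disjoint membership."""
    return Store(members={101: {"alice", "bob"}, 102: {"carol"}},
                 files={101: {"f1", "f2"}, 102: {"f3"}})


def delete_file_vulnerable(store, session, project_id, file_id):
    """Pattern the note describes: only 'is the caller logged in?' is checked,
    so any authenticated user can act on any project id they supply."""
    if session is None:
        return 401
    store.files.get(project_id, set()).discard(file_id)
    return 200


def delete_file_fixed(store, session, method, csrf_token, project_id, file_id):
    """Hardened handler (assumed design): verb + token check, then object-level check."""
    if session is None:
        return 401
    # State changes only over POST with a per-session token, so a crafted link
    # opened in a victim's browser cannot perform the action on their behalf.
    if method != "POST" or not hmac.compare_digest(csrf_token or "", session.csrf_token):
        return 403
    # The caller must be assigned to *this* project; guessing or brute-forcing
    # the ids in the URL does not get past this check.
    if session.user not in store.members.get(project_id, set()):
        return 403  # same response for unknown ids, so nothing is enumerable
    if file_id not in store.files.get(project_id, set()):
        return 404
    store.files[project_id].discard(file_id)
    return 200
```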
Solution
Upgrade to ActiveCollab 2.3.2 or newer.
Vendor Information
CVSS Metrics
Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |
References
Acknowledgements
Thanks to Robin Wood for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
CVE IDs: CVE-2010-0215
Severity Metric: 0.00
Date Public: 2010-10-04
Date First Published: 2010-10-04
Date Last Updated: 2010-10-04 12:42 UTC
Document Revision: 25