CVE-2022-4270: Incorrect privilege assignment
DESCRIPTION
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
AFFECTED PRODUCTS
M-Files Web Classic version before 22.5.11436.1.
M-Files Web vNext version before 22.5.11436.1.
MORE INFORMATION
User with access to a document with special ACL may have accidentally saved the document with incorrect default permissions. This vulnerability did not allow an attacker without the privileges to obtain more permissions. Vulnerability required very specific configuration.
CVSS 3.1 Score: 2.0
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
CWE: CWE-266: Incorrect Privilege Assignment
CAPEC: CAPEC-122 Privilege Abuse
Internal ID: 162944,162904
Date issued: 2022-12-02