Improper Access Control Affecting docassemble.webapp package, versions [1.4.53,1.4.97)
Threat Intelligence
EPSS
0.04% (9th percentile)
- Snyk ID SNYK-PYTHON-DOCASSEMBLEWEBAPP-6347252
- published 1 Mar 2024
- disclosed 29 Feb 2024
- credit Riyush Ghimire
Introduced: 29 Feb 2024
CVE-2024-27292
How to fix?
Upgrade docassemble.webapp to version 1.4.97 or higher.
Overview
docassemble.webapp provides the web application components of the docassemble system.
Affected versions of this package are vulnerable to Improper Access Control due to improper validation of user-supplied input through URL parameters. An attacker can gain unauthorized access to information on the system by manipulating URLs to bypass access controls.
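The weakness class described above, a handler that lets URL parameters drive both which record is looked up and whether the caller may see it, is easiest to understand with the weak pattern beside its hardened form. The following is an added illustration written for this page; it is not docassemble's code and does not reproduce the actual defect or the fix in 97f77dc. The document store, the SAFE_NAME allowlist, the function names and the sample URLs are all constructed for the example.

```python
import os
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample data standing in for a per-user document store.
# This is not docassemble's data model; it only illustrates the pattern.
DOCUMENTS = {
    "alice": {"report.pdf": b"alice-report"},
    "bob": {"notes.txt": b"bob-notes"},
}

# Allowlist for a document name: a single path component, no separators,
# no leading dot, at most one extension. Anything else is rejected outright.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?")


def _params(url):
    """Return the first value of each query parameter in the URL."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def fetch_document_weak(url, session_user):
    """Weak handler: every decision is driven by parameters the caller controls.
    The 'user' parameter, not the authenticated session, selects whose store
    is read, so rewriting the URL reads another user's data."""
    p = _params(url)
    owner = p.get("user", session_user)
    name = p.get("file", "")
    return DOCUMENTS.get(owner, {}).get(name)


def fetch_document_hardened(url, session_user):
    """Hardened handler: authorization is derived from the authenticated session,
    and the document name is validated against an allowlist before any lookup."""
    p = _params(url)
    owner = p.get("user", session_user)
    name = p.get("file", "")
    # Refuse rather than silently ignore a mismatch: it is a useful log signal.
    if owner != session_user:
        raise PermissionError("URL parameter does not match the authenticated user")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("invalid document name")
    return DOCUMENTS.get(session_user, {}).get(name)


def is_within_base(base_dir, candidate):
    """For parameters that map onto the filesystem: resolve both paths and
    require the candidate to remain under base_dir. realpath collapses '..'
    and symlinks before the comparison; a plain string-prefix check would not."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, candidate))
    return os.path.commonpath([base, target]) == base


if __name__ == "__main__":
    # bob is logged in but names alice in the URL: the weak handler complies.
    print(fetch_document_weak("/download?user=alice&file=report.pdf", "bob"))
    # The hardened handler serves bob's own file and refuses the cross-user URL.
    print(fetch_document_hardened("/download?file=notes.txt", "bob"))
    try:
        fetch_document_hardened("/download?user=alice&file=report.pdf", "bob")
    except PermissionError as exc:
        print("rejected:", exc)
    print(is_within_base("/srv/docs", "report.pdf"), is_within_base("/srv/docs", "../../etc/passwd"))
```

The two checks in the hardened handler are independent: the session-bound owner check closes the authorization bypass, while the allowlist closes the input-validation gap, and logging the PermissionError gives detection a signal that someone is tampering with URLs.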
Workaround
This vulnerability can be mitigated by manually applying the changes from commit 97f77dc and restarting the server.
References
CVSS Scores
version 3.1