MyBB Group MyBB におけるアクセス制御に関する脆弱性
| Title |
MyBB Group MyBB におけるアクセス制御に関する脆弱性
|
| Summary |
MyBB Group MyBB には、アクセス制御に関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
March 15, 2018, midnight |
| Registration Date |
Sept. 19, 2018, 4:24 p.m. |
| Last Update |
Sept. 19, 2018, 4:24 p.m. |
|
CVSS3.0 : 警告
|
| Score |
4.3
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
CVSS2.0 : 警告
|
| Score |
4
|
| Vector |
AV:N/AC:L/Au:S/C:P/I:N/A:N |
Affected System
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年09月19日]
掲載 |
Sept. 19, 2018, 4:24 p.m. |
NVD Vulnerability Information
CVE-2018-1000503
| Summary |
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.
|
| Publication Date |
June 27, 2018, 1:29 a.m. |
| Registration Date |
March 1, 2021, 6:40 p.m. |
| Last Update |
Nov. 21, 2024, 12:40 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:* |
|
|
|
1.8.15 |
Related information, measures and tools
Common Vulnerabilities List