CVE-2020-15248

Severity: MEDIUM 4.0 | EPSS: 0.05%

Privilege escalation by backend users assigned to the default "Publisher" system role

Published: 11/23/2020 | Modified: 3/13/2026
Also known as: GHSA-rfjc-xrmf-5vvw

Description

### Impact

Backend users with the default "Publisher" system role have access to create & manage users, and when doing so they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access.

### Patches

The issue has been patched in Build 470 (v1.0.470) & v1.1.1.

### Workarounds

Apply https://github.com/octobercms/october/commit/78a37298a4ed4602b383522344a31e311402d829 to your installation manually if you are unable to upgrade to Build 470 or v1.1.1.

### References

Reported by [Hoan Hoang](https://github.com/hoanhp)

### For more information

If you have any questions or comments about this advisory:

* Email us at [email protected]

### Threat assessment

![Threat assessment screenshot (Screen Shot 2020-10-10 at 1 37 25 PM)](https://user-images.githubusercontent.com/7253840/95663611-e6326c80-0afd-11eb-8a1e-8b767a7202fb.png)

Affected packages (1)

CVSS scores

| Source | Version  | Severity   | Vector                                       |
|--------|----------|------------|----------------------------------------------|
| osv    | CVSS 3.1 | MEDIUM 4.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L |

References (5)