Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.
References
Configurations
No configuration.
History
21 Aug 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-20 18:15
Updated : 2024-08-21 12:30
NVD link : CVE-2024-6322
Mitre link : CVE-2024-6322
CVE.ORG link : CVE-2024-6322
JSON object : View
Products Affected
No product.
CWE
CWE-266
Incorrect Privilege Assignment