Security Advisory
CVE-2020-26171
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them.