Security Advisory

CVE-2020-26171

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-18 09:28:06
Last updated 2024-08-04 15:49:07
Assigner mitre
State PUBLISHED

Description

In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them.