Security Advisory

CVE-2024-27105

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-20 18:11:58
Last updated 2024-08-02 17:38:02
Assigner GitHub_M
State PUBLISHED

Description

Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available.