Description
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.
Scores
CVSS v3
4.3
EPSS
0.0016
EPSS Percentile
36.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-863
CWE-670
Status
published
Products (1)
marmind/marmind
4.1.141.0
Published
Nov 05, 2020
Tracked Since
Feb 18, 2026