Description
An authorization bypass vulnerability in the Marmind web application, version 4.1.141.0, allows users with lower privileges to gain control of files uploaded by administrative users. The accessed files were not visible to the low-privileged users in the web GUI.
References (2)
Core References
Product x_refsource_misc
https://www.marmind.com/en/
Exploit, Third Party Advisory x_refsource_misc
https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html
Scores
CVSS v3
4.3
EPSS
0.0079
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-863
CWE-670
Status
published
Products (1)
marmind/marmind
4.1.141.0
Published
Nov 05, 2020
Tracked Since
Feb 18, 2026