CVE

CVE-2024-0798

Severity: HIGH
Type: Unavailable / Other
Publication date: 26/02/2024
Last modified: 26/02/2024

Description

A user with a `default` role given to them by the admin can send `DELETE` HTTP requests to `remove-folder` and `remove-document` to delete folders and source files from the instance, even though their role should explicitly not allow this action on the system.