CIVI-SA-2016-02: Access bypass

Publié

2016-02-02 02:06

Written by

xurizaemon

The 4.6.11 release of CiviCRM addresses an issue whereby users with limited administrative rights (data viewing) were able to modify certain fields within CiviCRM.

Security Risk

Moderately Critical

Vulnerability

Access Bypass

Affected Versions

CiviCRM 4.6.10 and below

Fixed Versions

CiviCRM 4.6.11 and above

Solutions

Upgrade to a fixed version of CiviCRM, 4.6.11+, OR
Apply patch from CRM-17533: https://github.com/civicrm/civicrm-core/pull/7163

Credits

This issue was reported and resolved by Mattias Michaux in co-ordination with the CiviCRM security team.

The CiviCRM community thanks Mattias for his contribution to CiviCRM's security.

Nous Nous sommes en train de traduire le site civicrm.org. Certaines contenus pourraient ne pas être disponibles dans toutes les langues. En savoir plus et participer.

© 2005 - 2023, CIVICRM LLC. Tous droits réservés.
CiviCRM et le logo CiviCRM sont des marques de commerce de CiviCRM LLC. À l'exception d'une indication contraire, le contenu de ce site est mis à disposition sous une licence « Create Commons Attribution-Share Alike 3.0 United States Licence. »

[D8]

CIVI-SA-2016-02: Access bypass

TRAVAILLEZ AVEC DES EXPERTS DE CONFIANCE

Langues