The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: netflix

Published: 2020-11-09T14:41:37

Updated: 2024-08-04T10:26:15.669Z

Reserved: 2020-02-19T00:00:00

Link: CVE-2020-9300

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-11-09T15:15:13.757

Modified: 2024-11-21T05:40:22.870

Link: CVE-2020-9300

cve-icon Redhat

No data.