{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2014-125054","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-01-07T08:44:51.208Z","datePublished":"2023-01-07T08:45:12.149Z","dateUpdated":"2024-08-06T14:10:56.618Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-20T06:20:20.088Z"},"title":"koroket RedditOnRails Vote access control","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"CWE-284 Improper Access Controls"}]}],"affected":[{"vendor":"koroket","product":"RedditOnRails","versions":[{"version":"n/a","status":"affected"}],"modules":["Vote Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability."},{"lang":"de","value":"In koroket RedditOnRails wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente Vote Handler. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Patch wird als 7f3c7407d95d532fcc342b00d68d0ea09ca71030 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2023-01-07T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-01-07T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-01-07T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-01-29T15:52:21.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"VulDB GitHub Commit Analyzer","type":"tool"}],"references":[{"url":"https://vuldb.com/?id.217594","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.217594","tags":["signature","permissions-required"]},{"url":"https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030","tags":["patch"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T14:10:56.618Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.217594","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.217594","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/koroket/RedditOnRails/commit/7f3c7407d95d532fcc342b00d68d0ea09ca71030","tags":["patch","x_transferred"]}]}]}}