{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the \"user\" privilege. Even after a user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-09-13T14:54:31.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://github.com/pwndoc/pwndoc/security/advisories"},{"tags":["x_refsource_MISC"],"url":"https://github.com/pwndoc/pwndoc/pull/128"},{"tags":["x_refsource_MISC"],"url":"https://github.com/pwndoc/pwndoc/pull/74"},{"tags":["x_refsource_MISC"],"url":"https://www.dgc.org/responsible_disclosure_pwndoc_jwt"},{"tags":["x_refsource_MISC"],"url":"https://github.com/pwndoc/pwndoc/blob/59519735b0d831d8fd96d7c3387f66d28407e583/CHANGELOG.md#040-2021-08-23"},{"tags":["x_refsource_MISC"],"url":"https://github.com/pwndoc/pwndoc/commit/15f3dc0e212eda465e05fda0feb002d1bce2939d"},{"tags":["x_refsource_MISC"],"url":"https://github.com/pwndoc/pwndoc/commit/ff1b868cec55f5b6c7a91e15a2b0b1f4324121ab"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-31590","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the \"user\" privilege. Even after a user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/pwndoc/pwndoc/security/advisories","refsource":"MISC","url":"https://github.com/pwndoc/pwndoc/security/advisories"},{"name":"https://github.com/pwndoc/pwndoc/pull/128","refsource":"MISC","url":"https://github.com/pwndoc/pwndoc/pull/128"},{"name":"https://github.com/pwndoc/pwndoc/pull/74","refsource":"MISC","url":"https://github.com/pwndoc/pwndoc/pull/74"},{"name":"https://www.dgc.org/responsible_disclosure_pwndoc_jwt","refsource":"MISC","url":"https://www.dgc.org/responsible_disclosure_pwndoc_jwt"},{"name":"https://github.com/pwndoc/pwndoc/blob/59519735b0d831d8fd96d7c3387f66d28407e583/CHANGELOG.md#040-2021-08-23","refsource":"MISC","url":"https://github.com/pwndoc/pwndoc/blob/59519735b0d831d8fd96d7c3387f66d28407e583/CHANGELOG.md#040-2021-08-23"},{"name":"https://github.com/pwndoc/pwndoc/commit/15f3dc0e212eda465e05fda0feb002d1bce2939d","refsource":"MISC","url":"https://github.com/pwndoc/pwndoc/commit/15f3dc0e212eda465e05fda0feb002d1bce2939d"},{"name":"https://github.com/pwndoc/pwndoc/commit/ff1b868cec55f5b6c7a91e15a2b0b1f4324121ab","refsource":"MISC","url":"https://github.com/pwndoc/pwndoc/commit/ff1b868cec55f5b6c7a91e15a2b0b1f4324121ab"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T23:03:33.533Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/pwndoc/pwndoc/security/advisories"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/pwndoc/pwndoc/pull/128"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/pwndoc/pwndoc/pull/74"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.dgc.org/responsible_disclosure_pwndoc_jwt"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/pwndoc/pwndoc/blob/59519735b0d831d8fd96d7c3387f66d28407e583/CHANGELOG.md#040-2021-08-23"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/pwndoc/pwndoc/commit/15f3dc0e212eda465e05fda0feb002d1bce2939d"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/pwndoc/pwndoc/commit/ff1b868cec55f5b6c7a91e15a2b0b1f4324121ab"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2021-31590","datePublished":"2021-07-19T19:45:41.000Z","dateReserved":"2021-04-22T00:00:00.000Z","dateUpdated":"2024-08-03T23:03:33.533Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}