CVE-2021-41189

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-41189
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41189.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-41189
Aliases
Published
2021-10-29T18:15:08Z
Modified
2024-10-12T08:27:52.850040Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permissions to become a system administrator. This vulnerability exists only in 7.0 and does not impact 6.x or below. The issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflow settings.

References

Affected packages

Git / github.com/dspace/dspace

Affected ranges

Type
GIT
Repo
https://github.com/dspace/dspace
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

dspace-3.*

dspace-3.0
dspace-3.0-rc1
dspace-3.0-rc2
dspace-3.0-rc3

dspace-4.*

dspace-4.0
dspace-4.0-rc1
dspace-4.0-rc2
dspace-4.0-rc3

dspace-5.*

dspace-5.0
dspace-5.0-rc1
dspace-5.0-rc2
dspace-5.0-rc3

dspace-6.*

dspace-6.0
dspace-6.0-pre-DS-2701
dspace-6.0-rc1
dspace-6.0-rc2
dspace-6.0-rc3
dspace-6.0-rc4

dspace-7.*

dspace-7.0
dspace-7.0-beta1
dspace-7.0-beta2
dspace-7.0-beta2.1
dspace-7.0-beta3
dspace-7.0-beta4
dspace-7.0-beta4.1
dspace-7.0-beta5
dspace-7.0-preview-1