CVE-2023-2480

Summary

Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications

Affected Software

VendorProductVersion RangeStatus
M-FilesM-Files Client0 < 23.5.12598.0affected
M-FilesM-Files Client23.2.12340.11unaffected

Weaknesses

  • CWE-280: CWE-280 Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References