CVE-2023-6239

Summary

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.

Affected Software

VendorProductVersion RangeStatus
M-FilesM-Files Server23.9affected
M-FilesM-Files Server23.10affected
M-FilesM-Files Server23.11 < 23.11.13168.7affected

Weaknesses

  • CWE-281: CWE-281 Improper Preservation of Permissions

ADP Enrichment

CVE Program Container

Additional References

References