CVE-2022-1810: Publify has Improper Access Controls

CVSS Score: 4.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.18282%
Published: 5/24/2022
Updated: 8/25/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Package Name: publify_core
Ecosystem: rubygems
Vulnerable Versions: < 9.2.9
First Patched Version: 9.2.9

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the pre-patch implementation, where:

  1. The article ID was taken from either the article[id] body parameter or the URL parameter params[:id].
  2. The authorization (ownership) check used the URL params[:id], while the actual update or delete operated on the user-controlled article[id].
  3. This mismatch let a low-privileged user pass the check for an article they own while modifying or deleting a different article, including an admin's, simply by tampering with article[id].

The fix uses params[:id] for both the authorization check and the article lookup, and the added test case explicitly verifies that manipulating article[id] no longer changes which article is affected.
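The following is an added illustration, not Publify's own code: a Rails-free model of the check/use mismatch described above and of the article[id] tampering the WAF rule refers to. Article, User, ArticleStore, ArticlesController and Forbidden are assumed names for the demo, and the fixture data is constructed; the pre-patch shape authorizes against the URL id but writes the record named by the body parameter, while the patched shape uses params[:id] for both.

```ruby
# Added example (not Publify's code): models the CVE-2022-1810 mismatch.
# Article, User, ArticleStore, ArticlesController and Forbidden are
# assumed names; the seed data below is constructed for the demo.

Article = Struct.new(:id, :user_id, :title)
User    = Struct.new(:id, :admin)

class Forbidden < StandardError; end

# Stand-in for ActiveRecord lookups; raises KeyError for an unknown id.
class ArticleStore
  def initialize(articles)
    @by_id = articles.to_h { |a| [a.id, a] }
  end

  def find(id)
    @by_id.fetch(Integer(id))
  end
end

module ArticlesController
  # Pre-patch shape: the ownership check is evaluated against the article
  # named in the URL (params[:id]), but the record actually written is the
  # one named by the body parameter article[id] whenever it is present.
  def self.vulnerable_update(store, current_user, params)
    authorize!(current_user, store.find(params[:id]))

    id = params.dig(:article, :id) || params[:id]   # attacker picks the target
    target = store.find(id)
    target.title = params.dig(:article, :title)
    target
  end

  # Patched shape: params[:id] is the only source of the record id, so the
  # article that is authorized is the article that is modified.
  def self.fixed_update(store, current_user, params)
    article = store.find(params[:id])
    authorize!(current_user, article)

    article.title = params.dig(:article, :title)
    article
  end

  def self.authorize!(user, article)
    return if user.admin || article.user_id == user.id

    raise Forbidden, "user #{user.id} may not edit article #{article.id}"
  end
  private_class_method :authorize!
end

# Constructed fixture: one admin article and one owned by a low-privileged
# contributor. The contributor's request names their own article in the URL
# but smuggles article[id]=1 (the admin's article) in the form body.
def seed_store
  ArticleStore.new([
    Article.new(1, 100, "Admin post"),
    Article.new(2, 200, "Contributor post"),
  ])
end

TAMPERED_PARAMS = { id: "2", article: { id: "1", title: "defaced" } }.freeze
CONTRIBUTOR     = User.new(200, false)

# Returns [title of article 1, title of article 2] after the request.
def run_vulnerable
  store = seed_store
  ArticlesController.vulnerable_update(store, CONTRIBUTOR, TAMPERED_PARAMS)
  [store.find(1).title, store.find(2).title]
end

def run_fixed
  store = seed_store
  ArticlesController.fixed_update(store, CONTRIBUTOR, TAMPERED_PARAMS)
  [store.find(1).title, store.find(2).title]
end

# Naming the admin's article directly in the URL is refused in both shapes;
# the bypass exists only through the body parameter.
def direct_attempt_refused?
  params = { id: "1", article: { title: "x" } }
  ArticlesController.vulnerable_update(seed_store, CONTRIBUTOR, params)
  false
rescue Forbidden
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{run_vulnerable.inspect}"   # the admin's post is defaced
  puts "fixed:      #{run_fixed.inspect}"        # only the contributor's own post changes
  puts "direct URL attempt refused: #{direct_attempt_refused?}"
end
```

The practitioner's check here is the one the upstream test makes: send a request whose URL id and body article[id] disagree and confirm that only the article named in the URL (the one the authorization ran against) changes. Any controller that resolves the record from one parameter and authorizes against another has the same shape of bug, regardless of framework.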


WAF Protection Rules

WAF Rule

A low-privileged user can modify and delete admin articles by changing the value of the `article[id]` parameter prior to 9.2.9.

Reasoning

The vulnerability stems from the pre-patch implementation where:

  1. The ID parameter was taken from either article[id] or URL params[:id]
  2. Authorization check used URL params[:id] while the actual operation used the user-controlled article[id]
  3. This mismatch allowed authorization bypass via parameter tampering