DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-10-29T17:25:10
Updated: 2024-08-04T03:08:31.307Z
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41189
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-10-29T18:15:08.167
Modified: 2021-11-03T12:47:36.327
Link: CVE-2021-41189
Redhat
No data.