REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf - |
01 Jul 2021, 16:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:project-redcap:redcap:4.14.0:*:*:*:*:*:*:* cpe:2.3:a:project-redcap:redcap:*:*:*:*:*:*:*:* cpe:2.3:a:project-redcap:redcap:4.14.2:*:*:*:*:*:*:* cpe:2.3:a:project-redcap:redcap:4.14.4:*:*:*:*:*:*:* cpe:2.3:a:project-redcap:redcap:4.14.1:*:*:*:*:*:*:* |
cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:* cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:* cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:* cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:* cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:* cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:* |
Information
Published : 2013-06-17 11:38
Updated : 2024-11-21 01:55
NVD link : CVE-2013-4609
Mitre link : CVE-2013-4609
CVE.ORG link : CVE-2013-4609
JSON object : View
Products Affected
project-redcap
- redcap
vanderbilt
- redcap
CWE
CWE-264
Permissions, Privileges, and Access Controls