Adding access control check for CVE-2023-26360 #11398
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Template / PR Information
Sometime the CVE-2023-44352 could not be exploited as is and require additional access control bypass.
With the provided template's update, if the instance is vulnerable to CVE-2023-29298 and/or CVE-2023-38205, the CVE-2023-44352 could be exploited so it should be raised to the end user.
https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/
https://www.rapid7.com/blog/post/2023/07/19/cve-2023-38205-adobe-coldfusion-access-control-bypass-fixed/
Template Validation
I've validated this template locally?
Additional Details (leave it blank if not applicable)
Additional References: