Incomplete User Permission Changes in Portal for ArcGIS 10.9.1 and Below: Potential Unauthorized Content Access

Incomplete User Permission Changes in Portal for ArcGIS 10.9.1 and Below: Potential Unauthorized Content Access

CVE-2023-25834 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.

Learn more about our User Device Pen Test.