Metadata-driven permissions miscalculation vulnerability in M-Files Server versions 23.9-23.11.13168.7

Metadata-driven permissions miscalculation vulnerability in M-Files Server versions 23.9-23.11.13168.7

CVE-2023-6239 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.

Learn more about our Cis Benchmark Audit For Server Software.