CVE-2025-62721

Sažetak

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system, regardless of their ownership or visibility settings. This issue is fixed in version 2.4.0.

Reference

https://github.com/Kovah/LinkAce/commit/1fef32694cee2bd80892fb478416be9364c3fddd
https://github.com/Kovah/LinkAce/releases/tag/v2.4.0
https://github.com/Kovah/LinkAce/security/advisories/GHSA-47g2-qw6q-cr96
https://github.com/Kovah/LinkAce/security/advisories/GHSA-47g2-qw6q-cr96

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

05-11-2025 - 19:16

Objavljeno

04-11-2025 - 22:16