EIQ-2018-0014
|
ID |
EIQ-2018-0014 (Former ref.: 19229) |
|
CVE |
- |
|
Description |
Edit and delete rules without permission |
|
Date |
- |
|
Severity |
2 - MEDIUM |
|
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
|
Status |
|
|
Assessment |
Users without the modify rules permission can edit and delete rules through the corresponding context-menu options. They can also edit and delete rules by selecting Actions > Edit, and Actions > Delete on a rule detail pane. |
|
Mitigation |
To prevent users from editing and deleting rules, ensure they do not have the modify rules permission. |
|
Affected versions |
2.1.2 to 2.3.4 included. |
|
Notes |
- |
2.4.0