EIQ-2018-0014#

ID

EIQ-2018-0014

(Former ref.: 19229)

CVE

-

Description

Edit and delete rules without permission

Date

-

Severity

2 - MEDIUM

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

✅ 2.4.0

Assessment

Users without the modify rules permission can edit and delete rules through the corresponding context-menu options.

They can also edit and delete rules by selecting Actions > Edit, and Actions > Delete on a rule detail pane.

Mitigation

To prevent users from editing and deleting rules, ensure they do not have the modify rules permission.

Affected versions

2.1.2 to 2.3.4 included.

Notes

-