Business Logic Errors in publify/publify

Valid

Reported on

Feb 3rd 2022


Description

It was found that if a user tries to create an article and wants to make that article private, the functionality does not work.

Proof of Concept

  1. Create an article
  2. Click on publish and you will see the visibility option to make it private, but the functionality is not designed properly.

Impact

This will lead to making every article public, which a user does not want to disclose.

We are processing your report and will contact the publify team within 24 hours. 4 months ago
We have contacted a member of the publify team and are waiting to hear back 4 months ago
We have sent a follow up to the publify team. We will try again in 7 days. 4 months ago
Matijs van Zuijlen validated this vulnerability 4 months ago
shubh123-tri has been awarded the disclosure bounty
The fix bounty is now up for grabs
Matijs van Zuijlen confirmed that a fix has been merged on 16fcee 4 months ago
Matijs van Zuijlen has been awarded the fix bounty