Business Logic Errors in publify/publify

Valid

Reported on Feb 3rd 2022


Description

It was found that when a user creates an article and wants to make it private, the functionality does not work.

Proof of Concept

  1. Create an article
  2. Click on publish and you will see the visibility option to make it private, but the functionality is not designed properly.

Impact

This will make every article public, including those that a user does not want to disclose.

We are processing your report and will contact the publify team within 24 hours. (a year ago)
We have contacted a member of the publify team and are waiting to hear back. (a year ago)
We have sent a follow up to the publify team. We will try again in 7 days. (a year ago)
Matijs van Zuijlen validated this vulnerability. (a year ago)
shubh123-tri has been awarded the disclosure bounty
The fix bounty is now up for grabs
Matijs van Zuijlen marked this as fixed in 9.2.7 with commit 16fcee. (a year ago)
Matijs van Zuijlen has been awarded the fix bounty
This vulnerability will not receive a CVE