Business Logic Errors in publify/publify

Valid

Reported on

Feb 3rd 2022


Description

It was found that if a user tries to create an article, and want to make that article private, the functionality is not working.

Proof of Concept

  1. Create an article
  2. Click on publish and you will see the option to visibility to make it private, but functionality is not designed properly.

Impact

This will lead in making every article public which a user does not want to disclose.

We are processing your report and will contact the publify team within 24 hours. 2 years ago
We have contacted a member of the publify team and are waiting to hear back 2 years ago
We have sent a follow up to the publify team. We will try again in 4 days. 2 years ago
Matijs van Zuijlen validated this vulnerability 2 years ago
shubh123-tri has been awarded the disclosure bounty
The fix bounty is now up for grabs
Matijs van Zuijlen marked this as fixed in 9.2.7 with commit 16fcee 2 years ago
Matijs van Zuijlen has been awarded the fix bounty
to join this conversation