Vulnerability Description
Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the issue.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/paperless-ngx/paperless-ngx/commit/ed05b40ba461641b1b59b0a92f
- https://github.com/paperless-ngx/paperless-ngx/pull/6739
- https://github.com/paperless-ngx/paperless-ngx/releases/tag/v2.8.6
- https://github.com/paperless-ngx/paperless-ngx/security/advisories/GHSA-72w4-hxq
- https://github.com/paperless-ngx/paperless-ngx/commit/ed05b40ba461641b1b59b0a92f
- https://github.com/paperless-ngx/paperless-ngx/pull/6739
- https://github.com/paperless-ngx/paperless-ngx/releases/tag/v2.8.6
- https://github.com/paperless-ngx/paperless-ngx/security/advisories/GHSA-72w4-hxq
FAQ
What is CVE-2024-35184?
CVE-2024-35184 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allo...
How severe is CVE-2024-35184?
CVE-2024-35184 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-35184?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.