CVE-2021-28579: 
NixOS vulnerability analysis and mitigation

Adobe Connect version 11.2.1 and earlier versions were affected by an Improper Access Control vulnerability, identified as CVE-2021-28579. The vulnerability was disclosed on June 8, 2021, and affects Adobe Connect's access control mechanisms (NVD, Adobe Advisory).

The vulnerability is classified as an Improper Access Control issue (CWE-284) that could lead to privilege elevation. The vulnerability has a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and requiring low privileges (NVD).

The vulnerability allows an attacker with 'Learner' permissions to access the list of event participants, potentially compromising the confidentiality of participant information (NVD).

Adobe has addressed this vulnerability by releasing version 11.2.2 of Adobe Connect. Users are advised to update to this version or later to mitigate the vulnerability (Adobe Advisory).

The vulnerability was reported by security researcher known as 'kickass (janthraper)', who worked with Adobe to address the issue (Adobe Advisory).