exploitDog

GHSA-7j5q-g763-3rgh

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.

Ссылки

EPSS

Процентиль: 40%

0.00186

Низкий

CVE ID

Дефекты

CWE-269

Связанные уязвимости

CVE-2020-11679

CVSS3: 8.8

nvd

больше 5 лет назад

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.

EPSS

Процентиль: 40%

0.00186

Низкий

CVE ID

Дефекты

CWE-269