exploitDog

GHSA-qv7g-5jm3-2q8q

Опубликовано: 22 сент. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

Ссылки

EPSS

Процентиль: 36%

0.00151

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-400

Связанные уязвимости

CVE-2024-47210

CVSS3: 8.8

nvd

больше 1 года назад

Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

EPSS

Процентиль: 36%

0.00151

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-400