exploitDog

GHSA-xh4p-6jqr-58x9

Опубликовано: 28 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 9.4

Описание

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.

Ссылки

EPSS

Процентиль: 17%

0.00052

Низкий

9.4 Critical

CVSS4

CVE ID

Дефекты

CWE-472

Связанные уязвимости

CVE-2025-66385

nvd

2 месяца назад

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.

EPSS

Процентиль: 17%

0.00052

Низкий

9.4 Critical

CVSS4

CVE ID

Дефекты

CWE-472