Описание
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/:id to set the is_admin field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3.
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.3 (исключая)
cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*
EPSS
Процентиль: 92%
0.08061
Низкий
8.8 High
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
debian
9 месяцев назад
Joplin is a free, open source note taking and to-do application, which ...
EPSS
Процентиль: 92%
0.08061
Низкий
8.8 High
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo