Описание
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the
ABUP Cloud Update Platform.
EPSS
Процентиль: 17%
0.00053
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-266
Связанные уязвимости
CVSS3: 6.8
github
9 месяцев назад
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform.
EPSS
Процентиль: 17%
0.00053
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-266