Description
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
Vulnerable configurations
Configuration 1: Versions before 1.25.0 (exclusive)
cpe:2.3:a:gatling:gatling:*:*:*:*:enterprise:*:*:*
EPSS
Percentile: 17%
0.00052
Low
5.3 Medium
CVSS3
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 5.3
github
6 months ago
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.