Описание
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escalate their privileges to the highest level.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tandoor:recipes:2.0.0:alpha1:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00062
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 6.5
github
5 месяцев назад
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escalate their privileges to the highest level.
EPSS
Процентиль: 19%
0.00062
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-269