Description
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.
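To illustrate the missing-authorization pattern (CWE-862) the description refers to, here is an added example that is not Fides's own code: a constructed OAuth client creation handler in its vulnerable form, which assigns whatever scopes the request names, beside the hardened form, which only lets a caller grant scopes it already holds. The scope names, the `owner` super-scope and the function names are assumptions made for this example.

```python
"""Constructed model of the bug class described above: an OAuth client
endpoint that takes a scope list from the request must check that the
caller is entitled to grant each scope, not only that it may create clients.
All names here are assumptions for this example, not Fides's own code."""
from dataclasses import dataclass, field

OWNER_SCOPE = "owner"  # assumed: a scope that implies every other scope


@dataclass(frozen=True)
class Caller:
    """Authenticated principal and the scopes it already holds."""
    scopes: frozenset


@dataclass
class OAuthClient:
    client_id: str
    scopes: frozenset = field(default_factory=frozenset)


class AuthorizationError(PermissionError):
    pass


def _require_create_permission(caller: Caller) -> None:
    if "client:create" not in caller.scopes and OWNER_SCOPE not in caller.scopes:
        raise AuthorizationError("client:create required")


def create_client_vulnerable(caller: Caller, client_id: str, scopes: list) -> OAuthClient:
    """Before: checks only that the caller may create clients, then assigns the
    requested scopes verbatim, so a client:create holder can mint an owner client."""
    _require_create_permission(caller)
    return OAuthClient(client_id, frozenset(scopes))


def create_client_fixed(caller: Caller, client_id: str, scopes: list) -> OAuthClient:
    """After: additionally requires every requested scope to be one the caller
    holds (owner implies all), so a client never exceeds its creator's privileges."""
    _require_create_permission(caller)
    if OWNER_SCOPE not in caller.scopes:
        excess = frozenset(scopes) - caller.scopes
        if excess:
            raise AuthorizationError(f"caller cannot grant scopes: {sorted(excess)}")
    return OAuthClient(client_id, frozenset(scopes))


def allows_owner_grant(create_fn, caller: Caller) -> bool:
    """Regression check: can this caller obtain a client carrying the owner scope?"""
    try:
        client = create_fn(caller, "check-client", [OWNER_SCOPE])
    except AuthorizationError:
        return False
    return OWNER_SCOPE in client.scopes
```

`allows_owner_grant` is the kind of check a test suite would keep after the fix: it should return `False` for every non-owner caller against the hardened endpoint.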
Vulnerable configurations
Configuration 1: version before 2.69.1 (excluding)
cpe:2.3:a:ethyca:fides:*:*:*:*:*:*:*:*
EPSS: 0.00056 (18th percentile), Low
CVSS3: 7.2 High
Weaknesses: CWE-862
Related vulnerabilities
github, 5 months ago: Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation (CVSS3: 7.2)