Описание
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
Ссылки
- Broken Link
- Permissions Required
- Not Applicable
- Press/Media CoverageThird Party Advisory
- Press/Media CoverageThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2025-09-06 (включая)
cpe:2.3:a:rbi:restaurant_brands_international_assistant:*:*:*:*:*:*:*:*
EPSS
Процентиль: 14%
0.00047
Низкий
5.8 Medium
CVSS3
8.6 High
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.8
github
4 месяца назад
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
EPSS
Процентиль: 14%
0.00047
Низкий
5.8 Medium
CVSS3
8.6 High
CVSS3
Дефекты
CWE-862