
exploitDog

CVE-2016-5422

Published: 31 Aug 2016
Source: redhat
CVSS3: 9.9
CVSS2: 6.5

Description

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.

It was found that JBoss Operations Network allowed regular users to add a new super user by sending a specially crafted request to the web console. This attack allows escalation of privileges.

Additional information

Status: Moderate
Defect: CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1361933 JON3: privilege escalation via improper authorization

9.9 Critical

CVSS3

6.5 Medium

CVSS2

Related vulnerabilities

CVSS3: 8.8
nvd
more than 9 years ago

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.

CVSS3: 8.8
github
more than 3 years ago

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
