Количество 2
Количество 2
CVE-2025-57817
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.
GHSA-hjfh-p8f5-24wr
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-57817 Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available. | CVSS3: 7.2 | 0% Низкий | 5 месяцев назад |
| GHSA-hjfh-p8f5-24wr Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation | CVSS3: 7.2 | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу