Lucene search

K
githubGitHub Advisory DatabaseGHSA-5V95-V8C8-3RH6
HistoryMay 21, 2021 - 2:32 p.m.

Privilege escalation in rbac

2021-05-2114:32:55
CWE-276
GitHub Advisory Database
github.com
33

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.4%

Impact

Using a carefully crafted request or malicious proxy, a user with UserWrite permissions could create another user with higher privileges than their own due to insufficient checks on the allowed set of permissions. The event would be captured in the Event Log.

Patches

The issue has been fixed in 0.24.0 and 0.23.1.

Workarounds

For users who are unable to upgrade, we recommend auditing users who have UserWrite permissions and regularly reviewing the Event Log for malicious activity.

Kudos

Thank you to Michael Mazzolini (Ethical Hacker at WHO) for finding and disclosing this vulnerability.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.4%

Related for GHSA-5V95-V8C8-3RH6