Lucene search
HistoryMar 02, 2024 - 10:15 p.m.
CVE-2024-0795
instance access
admin role
manager role
backend authentication
user creation
elevated privileges
security vulnerability
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance
Related
cvelist
cvelist
CVE-2024-0795 Create user API role not enforced
2024-03-02 21:16:46
osv
osv
CVE-2024-0795
2024-03-02 22:15:49
cve
cve
CVE-2024-0795
2024-03-02 22:15:49
prion
prion
Authentication flaw
2024-03-02 22:15:00
vulnrichment
vulnrichment
CVE-2024-0795 Create user API role not enforced
2024-03-02 21:16:46
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-0795