Privilege escalation

2019-11-0818:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.

CPENameOperatorVersion
energycapge7.0.0
energycaple7.5.6

CPE	Name	Operator	Version
	energycap	ge	7.0.0
	energycap	le	7.5.6

References

energycap.freshdesk.com/helpdesk/attachments/31016649523

energycap.freshdesk.com/support/solutions/articles/31000152837-2019-october-24-security-incident-notification-issue-with-public-dashboards-found-and-resolved