3 matches found
CVE-2021-43828
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
CVE-2021-43828 Improper Privilege Management in Patrowl
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...
CVE-2021-43828
PatrOwl PatrowlManager contains an IDOR in versions prior to 1.77/1.7.7 that lets unauthenticated users download all finding import files. The files are stored in /media/imports//, with predictable owner_id and tmp_file formats (e.g., import__.json), enabling unauthorized access to the import fin...