4 matches found
CVE-2024-0795 Create user API role not enforced
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...
CVE-2024-0795 Create user API role not enforced
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...
CVE-2024-0795 Create user API role not enforced
If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...
CVE-2024-0795
CVE-2024-0795 describes a backend authentication/authorization flaw: if an attacker has admin or manager access, there is no backend check to prevent creating a new admin user, enabling privilege escalation. Multiple sources assign a high impact (CVSS ~7.2). The exact affected products/versions a...