Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/03/02 9:16 p.m.23 views

CVE-2024-0795 Create user API role not enforced

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7.1AI score0.00945EPSS
Exploits1References2
OSV
OSV
added 2024/03/02 9:16 p.m.16 views

CVE-2024-0795 Create user API role not enforced

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7.1AI score0.00945EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/03/02 9:16 p.m.18 views

CVE-2024-0795 Create user API role not enforced

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

7.2CVSS7.2AI score0.00945EPSS
Exploits1References2
CVE
CVE
added 2024/03/02 9:16 p.m.71 views

CVE-2024-0795

CVE-2024-0795 describes a backend authentication/authorization flaw: if an attacker has admin or manager access, there is no backend check to prevent creating a new admin user, enabling privilege escalation. Multiple sources assign a high impact (CVSS ~7.2). The exact affected products/versions a...

7.2CVSS7AI score0.00945EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder