4 matches found
CVE-2024-55072
creationtimestamp| type| source ---|---|--- 2025-03-27 19:27:00+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9187 2025-03-27 20:50:27+00:00| seen| https://t.me/cvedetector/21335...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
CVE-2024-55072 affects hay-kot Mealie v2.2.0. The issue is Broken Object Level Authorization in the /api/users/{user-id} endpoint, allowing a user to edit their own profile to grant themselves more permissions or alter their household. The root cause is improper access control on user objects, en...