Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/07/24 12:23 a.m.14 views

CVE-2025-51479

Authorization bypass in updateusergroup in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...

5.4CVSS6.4AI score0.0028EPSS
Exploits1References1
NVD
NVD
added 2025/07/22 7:15 p.m.24 views

CVE-2025-51479

Authorization bypass in updateusergroup in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...

5.4CVSS0.0028EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/07/22 12:0 a.m.14 views

CVE-2025-51479

Authorization bypass in updateusergroup in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...

0.0028EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/07/22 12:0 a.m.5 views

CVE-2025-51479

Authorization bypass in updateusergroup in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the /api/manage/admin/user-group/id endpoint, bypassing intended curator-group assignment checks...

7AI score0.0028EPSS
Exploits1References3
CVE
CVE
added 2025/07/22 12:0 a.m.37 views

CVE-2025-51479

Onyx Enterprise Edition 0.27.0 exposes an authorization bypass in the update_user_group function of onyx-dot-app. Remote authenticated attackers can modify arbitrary user groups by sending crafted PATCH requests to /api/manage/admin/user-group/id, bypassing curator-group assignment checks. Docume...

5.4CVSS7AI score0.0028EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder