3 matches found
CVE-2026-29789
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...
CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...
CVE-2026-29789
Summary: Vito (self-hosted web app) suffers a cross-project privilege escalation due to a missing authorization check in workflow site-creation actions. Affected versions: prior to 3.20.3. Impact: an authenticated user with workflow write access in one project can create/manage sites on servers b...