108 matches found
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
Mealie 安全漏洞
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie v2.2.0 that stems from improper object-level authorization...
PT-2025-13393 · Unknown · Hay-Kot Mealie
Name of the Vulnerable Software and Affected Versions: hay-kot mealie version 2.2.0 Description: A Broken Object Level Authorization vulnerability in the component "/api/users/user-id" of hay-kot mealie allows users to edit their own profile in order to give themselves more permissions or to chan...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55072
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55070
A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...
CVE-2024-55073
A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...
CVE-2024-55070
CVE-2024-55070 affects hay-kot mealie v2.2.0. The vulnerability is a Broken Object Level Authorization in the component at /households/permissions, enabling group managers to edit their own permissions. Documented impact is limited to this privilege escalation vector (group managers changing thei...
CVE-2024-55072
CVE-2024-55072 affects hay-kot Mealie v2.2.0. The issue is Broken Object Level Authorization in the /api/users/{user-id} endpoint, allowing a user to edit their own profile to grant themselves more permissions or alter their household. The root cause is improper access control on user objects, en...
Broken Object Level Authorization
Indico is vulnerable to a Broken Object Level Authorization BOLA vulnerability. The vulnerability is due to insufficient access control in the /api/principals component, which allows attackers to retrieve information about other user accounts by sending crafted POST requests...
GHSA-3WG7-R7Q5-R2JF Indico Insecure Access
A Broken Object Level Authorization BOLA vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals...
Indico Insecure Access
A Broken Object Level Authorization BOLA vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals...
CVE-2024-50633
A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...
CVE-2024-50633
A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...
CVE-2024-50633
A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...