Lucene search
K

108 matches found

RedhatCVE
RedhatCVE
added 2025/03/29 12:24 a.m.19 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS7.1AI score0.00289EPSS
Exploits1References1
NVD
NVD
added 2025/03/27 8:15 p.m.15 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS0.00237EPSS
Exploits1References2
NVD
NVD
added 2025/03/27 7:15 p.m.14 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS0.00289EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.5 views

Mealie 安全漏洞

Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie v2.2.0 that stems from improper object-level authorization...

7.6CVSS6.7AI score0.00289EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.5 views

PT-2025-13393 · Unknown · Hay-Kot Mealie

Name of the Vulnerable Software and Affected Versions: hay-kot mealie version 2.2.0 Description: A Broken Object Level Authorization vulnerability in the component "/api/users/user-id" of hay-kot mealie allows users to edit their own profile in order to give themselves more permissions or to chan...

7.6CVSS6.4AI score0.00289EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.7 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.9AI score0.00237EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.9 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.5AI score0.00268EPSS
Exploits1References2
OSV
OSV
added 2025/03/27 12:0 a.m.7 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.4CVSS6.7AI score0.00268EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.10 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.4AI score0.00289EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.19 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

0.00268EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.12 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

0.00237EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.22 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

0.00289EPSS
Exploits1References2
CVE
CVE
added 2025/03/27 12:0 a.m.55 views

CVE-2024-55070

CVE-2024-55070 affects hay-kot mealie v2.2.0. The vulnerability is a Broken Object Level Authorization in the component at /households/permissions, enabling group managers to edit their own permissions. Documented impact is limited to this privilege escalation vector (group managers changing thei...

3.1CVSS6.5AI score0.00237EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/03/27 12:0 a.m.84 views

CVE-2024-55072

CVE-2024-55072 affects hay-kot Mealie v2.2.0. The issue is Broken Object Level Authorization in the /api/users/{user-id} endpoint, allowing a user to edit their own profile to grant themselves more permissions or alter their household. The root cause is improper access control on user objects, en...

5.4CVSS5.5AI score0.00268EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2025/01/23 1:58 p.m.13 views

Broken Object Level Authorization

Indico is vulnerable to a Broken Object Level Authorization BOLA vulnerability. The vulnerability is due to insufficient access control in the /api/principals component, which allows attackers to retrieve information about other user accounts by sending crafted POST requests...

7.5CVSS6.7AI score0.00603EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2025/01/16 6:31 p.m.10 views

GHSA-3WG7-R7Q5-R2JF Indico Insecure Access

A Broken Object Level Authorization BOLA vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals...

6.9CVSS3.4AI score0.00603EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2025/01/16 6:31 p.m.14 views

Indico Insecure Access

A Broken Object Level Authorization BOLA vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals...

7.5CVSS6.3AI score0.00603EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2025/01/16 6:15 p.m.20 views

CVE-2024-50633

A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...

7.5CVSS0.00603EPSS
Exploits2References2
OSV
OSV
added 2025/01/16 12:0 a.m.5 views

CVE-2024-50633

A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...

6.3AI score0.00603EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/01/16 12:0 a.m.15 views

CVE-2024-50633

A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...

0.00603EPSS
Exploits2References2
Rows per page
Query Builder