CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...

PT-2025-7484 · Openvsx · Openvsx

Name of the Vulnerable Software and Affected Versions: OpenVSX versions v0.9.0 through v0.20.0 Description: The issue allows a user to edit all namespace details, including name, description, website, support link, and social media links, even if the user is not a namespace Owner or Contributor...