Dust: Privilege Escalation in Edit and Create Secret Endpoints Leads to Unauthorized Secret Modification

The vulnerability allows a user with the Builder role to list all existing secret names, create new secrets, and overwrite existing secrets by using the same name. This behavior violates permission boundaries and leads to privilege escalation and unauthorized access to sensitive data...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the MFAUserAccountSetupMVCActionCommand class that allows an authenticated used to deny service to another user by enabling the Time-based One-time password TOTP feature for their account, or by modifying the...