2 matches found
CVE-2024-58363
SurrealDB prior to 1.5.4 contains an authentication validation flaw when a scope user switches databases with USE or the use method. If an authenticated session encounters a user identifier that exists in a different database, an attacker can impersonate an unrelated user in that database, enabli...
CVE-2024-58363
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...