Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 6:28 p.m.12 views

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Summary /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders builder.apps set but builder.global unset. The controller th...

9CVSS5.4AI score0.00292EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:58 p.m.9 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.8AI score0.00292EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 4:58 p.m.15 views

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.8AI score0.00292EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44061

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An issue exists in the open-source low-code platform where the '/api/public/v1/roles/assign' endpoint is guarded by the builderOrAdmin middleware. This middleware allows any user who is a builder f...

9CVSS5.8AI score0.00292EPSS
Exploits0References8
Rows per page
Query Builder