3 matches found
CVE-2021-38617
Eigen NLP 3.10.1 is affected. The issue stems from a lack of access control on the /auth/v1/user/ endpoint, allowing a standard user to create a superuser with a defined password, enabling privilege escalation. The CVSS data in the linked records indicates a high-severity impact (CVSS 3.1 base sc...
CVE-2021-38615
CVE-2021-38615 affects Eigen NLP 3.10.1, where a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint lets any logged-in user (guest, standard, or admin) view and modify information. The issue is tied to an insecure SSO config endpoint rather than to multiple products; CV...
CVE-2021-38616
CVE-2021-38616 affects Eigen NLP 3.10.1. The vulnerability arises from a lack of access control on the /auth/v1/user/{user-guid}/ endpoint, permitting a logged-in user to modify their own permissions via a user_permissions array in a PATCH request, and potentially allow a guest to modify other us...