CVE-2021-37705

Affected software : OneFuzz self-hosted fuzzing platform. Vulnerability : Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure AD tenant to make authorized API calls on a vulnerable OneFuzz instance when deployed with the non-defau...