Privilege Escalation

2020-11-2401:04:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

12.7%

JSON

october is vulnerable to privilege escalation. Users with “Publisher” access is able to escalate their access to “Developer” due to insecure authorization in the create & manager users module.

CPENameOperatorVersion
october/octoberlev1.0.469
october/octoberlev1.0.469

CPE	Name	Operator	Version
	october/october	le	v1.0.469
	october/october	le	v1.0.469

References

github.com/advisories/GHSA-rfjc-xrmf-5vvw

github.com/octobercms/october/commit/78a37298a4ed4602b383522344a31e311402d829

github.com/octobercms/october/security/advisories/GHSA-rfjc-xrmf-5vvw

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for VERACODE:27965