EPSS Percentile: 26.1%
kevinpapst/kimai2 is vulnerable to privilege escalation. The vulnerability is caused by missing permission checks in ‘InvoiceController.php’, which allow a malicious user to access invoices without read permissions.
github.com/kevinpapst/kimai2/commit/ff9acab0fc81f0e9490462739ef15fe4ab028ea5
github.com/kevinpapst/kimai2/pull/2965
huntr.dev/bounties/a0c438fb-c8e1-40cf-acc6-c8a532b80b93