Veracode Vulnerability Database: VERACODE:40543
May 16, 2023 - 6:38 a.m.

Privilege Escalation

2023-05-16 06:38:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
n8n
privilege escalation
vulnerability
object checks
user object
`updatecurrentuser` method
mecontroller class
authenticated user

EPSS: 0.002 (percentile: 54.3%)

n8n is vulnerable to privilege escalation. The vulnerability is due to a lack of object checks when merging user-supplied fields with the server object: the `updateCurrentUser` method of the `MeController` class merges the user object with an object under the user's control without running through all the necessary checks. Any property added to the HTTP request body using this object is merged into the user object without being validated, allowing an authenticated user to modify it.
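The pattern described above, as an added example that is not n8n's code and not part of the original advisory: an unchecked merge of the request body into the user object, beside an allowlist-based update that fails closed. The field names (including `globalRole`), `EDITABLE_FIELDS`, the function names and the sample data are assumptions constructed for illustration.

```javascript
// Added illustration of the merge pattern; all names are hypothetical, not n8n source.

// Constructed server-side record for the authenticated user.
function makeStoredUser() {
  return { id: 'u-1', email: 'member@example.test', firstName: 'Sam',
           lastName: 'Lee', globalRole: 'member' };
}

// Unchecked pattern: every property of the request body lands on the user object,
// including fields the user should never control.
function updateCurrentUserUnsafe(storedUser, body) {
  return Object.assign({}, storedUser, body);
}

// Hardened pattern: only allowlisted fields are accepted, anything else is rejected.
const EDITABLE_FIELDS = ['email', 'firstName', 'lastName'];

function updateCurrentUserSafe(storedUser, body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('request body must be a JSON object');
  }
  // Fail closed on unknown keys so the attempt surfaces as an error in logs
  // instead of being silently dropped.
  const rejected = Object.keys(body).filter((k) => !EDITABLE_FIELDS.includes(k));
  if (rejected.length > 0) {
    throw new RangeError('unexpected fields: ' + rejected.join(', '));
  }
  const updated = Object.assign({}, storedUser);
  for (const field of EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, field)) {
      if (typeof body[field] !== 'string') {
        throw new TypeError(field + ' must be a string');
      }
      updated[field] = body[field];
    }
  }
  return updated;
}

// Constructed request body: one legitimate field plus one privileged field.
const sampleBody = JSON.parse('{"firstName":"Alex","globalRole":"owner"}');
```
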
