Lucene search
Veracode Vulnerability DatabaseVERACODE:5935HistoryMar 19, 2018 - 5:59 a.m.
Privilege Escalation
2018-03-1905:59:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.001 Low
EPSS
Percentile
50.1%
github.com/tridentli/pitchfork is vulnerable to privilege escalation. The vulnerability exists due to an issue where permissions are mapped, allowing any authenticated user to set the System Administrator permissions on their account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/tridentli/pitchfork | eq | 1.4.5 | |
| github.com/tridentli/pitchfork | eq | HEAD |
References
github.com/tridentli/pitchfork/commit/33549f15707801099e1253dd5e79369bd48eb59b
github.com/tridentli/pitchfork/commit/9fd07cbe4f93e1367e142016e9a205366680dd54
github.com/tridentli/pitchfork/issues/168
github.com/tridentli/trident/releases/tag/DEV_1.4.6-RC2
thomas-ward.net/security-advisories/trident-trusted-communications-platform-privilege-escalation-issue-advisory/
Related
cve
cve
CVE-2018-1000133
2022-10-03 16:21:59
nvd
nvd
CVE-2018-1000133
2018-03-16 14:29:44
cvelist
cvelist
CVE-2018-1000133
2022-10-03 16:21:59
prion
prion
Design/Logic Flaw
2018-03-16 14:29:00
osv
osv
CVE-2018-1000133
2018-03-16 14:29:44