PT-2019-12194 · Bonobo · Bonobo Git Server

Published: 2019-04-24
Updated: 2021-07-21
CVE-2019-11218
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Bonobo Git Server versions prior to 6.5.0
Description: The User Profile edit action of the AccountController does not restrict which posted parameters are bound to the user model. Any authenticated user can therefore add form parameters that the profile page never renders (a mass-assignment, or over-posting, issue) and change attributes they are not supposed to control, up to and including gaining application administrator privileges. The CVSS vector reflects this: only a low-privileged account (PR:L) and no user interaction are needed, and the outcome is full compromise of the application's confidentiality, integrity and availability.
Recommendations: For versions prior to 6.5.0, update to version 6.5.0 or later, which resolves the issue. As a temporary workaround, restrict access to the User Profile edit functionality in the AccountController (for example, disable it or limit it to administrators); note that this also removes self-service profile edits for ordinary users. After upgrading, confirm the fix by submitting a profile edit with an extra, non-rendered parameter from a non-administrative account and verifying that the account's roles are unchanged.
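The following is an added illustration of the mass-assignment pattern the description refers to; it is not Bonobo Git Server code (that project is ASP.NET MVC/C#), and none of its class, field, or function names are the project's. It models a permissive binder that copies every posted key into the user object, the same edit action with an explicit allowlist, a separate admin-only path for role changes, and a helper that reports unexpected parameters so they can be logged. The form contents and the role name "Administrator" are constructed for the example.

```python
# Hypothetical model of the over-posting bug class behind CVE-2019-11218.
# Not project code: names and the "Administrator" role are assumptions.
from dataclasses import dataclass, field, fields
from typing import Dict, List, Tuple


@dataclass
class UserAccount:
    username: str
    email: str
    # Assumed privileged role name; membership grants full application control.
    roles: List[str] = field(default_factory=list)


def bind_all_fields(model: UserAccount, form: Dict[str, str]) -> None:
    """Permissive binder: every posted key that matches an attribute is copied
    onto the model, whether or not the edit form ever rendered that field."""
    for f in fields(model):
        if f.name in form:
            value = form[f.name]
            if f.name == "roles":
                value = [r for r in value.split(",") if r]
            setattr(model, f.name, value)


def edit_profile_vulnerable(user: UserAccount, form: Dict[str, str]) -> UserAccount:
    """Vulnerable edit action: trusts the whole request body."""
    bind_all_fields(user, form)
    return user


# Allowlist of fields a user may change about their own account.
PROFILE_FIELDS: Tuple[str, ...] = ("email",)


def unexpected_params(form: Dict[str, str]) -> List[str]:
    """Posted keys outside the allowlist; worth logging as a tampering signal."""
    return sorted(set(form) - set(PROFILE_FIELDS))


def edit_profile_hardened(user: UserAccount, form: Dict[str, str]) -> UserAccount:
    """Hardened edit action: bind only allowlisted fields, ignore the rest."""
    for name in PROFILE_FIELDS:
        if name in form:
            setattr(user, name, form[name])
    return user


def is_admin(user: UserAccount) -> bool:
    return "Administrator" in user.roles


def set_roles(actor: UserAccount, target: UserAccount, roles: List[str]) -> None:
    """Role changes live on a separate, authorised path, never on the profile form."""
    if not is_admin(actor):
        raise PermissionError("only administrators may change roles")
    target.roles = list(roles)


# Constructed sample request: the rendered form only posts "email", but the
# client appends a "roles" parameter by hand.
ATTACKER_FORM: Dict[str, str] = {"email": "mallory@example.test", "roles": "Administrator"}


def demo() -> Tuple[bool, bool, str]:
    """Returns (admin after vulnerable edit, admin after hardened edit, email after hardened edit)."""
    vuln = edit_profile_vulnerable(UserAccount("mallory", "old@example.test"), ATTACKER_FORM)
    safe = edit_profile_hardened(UserAccount("mallory", "old@example.test"), ATTACKER_FORM)
    return is_admin(vuln), is_admin(safe), safe.email


if __name__ == "__main__":
    print("vulnerable/hardened/email:", demo())
    print("unexpected parameters:", unexpected_params(ATTACKER_FORM))
```

The hardened version does two things the vulnerable one does not: it binds from a fixed allowlist instead of from the request, and it moves role assignment to a path that checks the caller's privileges. Logging the output of `unexpected_params` gives a cheap detection signal for attempts like the one described above.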

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2019-11218

Affected products

Bonobo Git Server