PT-2026-51500 · Cap Go · Cap-Go

Zerlyer · Published 2026-06-23 · Updated 2026-06-23 · CVE-2026-56222

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role bindings that fails to verify app id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by other organizations, enabling unauthorized read and modification of victim applications.
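
The missing check described above, shown as a flawed handler beside a hardened one. This is an added illustration, not Capgo's code; the request shape (`orgId`, `appId`, `principal`, `role`), the role name, the status codes and the in-memory tables are all assumptions.

```javascript
// Constructed sample data; every name and shape here is hypothetical.
const apps = new Map([
  ["com.orga.app", { ownerOrg: "org-a" }],
  ["com.orgb.app", { ownerOrg: "org-b" }],
]);
const orgAdmins = new Map([
  ["org-a", new Set(["alice"])],
  ["org-b", new Set(["bob"])],
]);

function isOrgAdmin(userId, orgId) {
  const admins = orgAdmins.get(orgId);
  return admins !== undefined && admins.has(userId);
}

// Flawed pattern: the caller's admin role in req.orgId is verified, but
// req.appId is trusted as belonging to that organization.
function createBindingUnchecked(callerId, req, store) {
  if (!isOrgAdmin(callerId, req.orgId)) return { status: 403 };
  store.push({ ...req });
  return { status: 201 };
}

// Hardened pattern: resolve the app server-side and require that its owning
// organization is the one the caller was authorized against.
function createBindingChecked(callerId, req, store) {
  if (!isOrgAdmin(callerId, req.orgId)) return { status: 403 };
  const app = apps.get(req.appId);
  // Same response for "missing" and "foreign" so app ids cannot be probed.
  if (app === undefined || app.ownerOrg !== req.orgId) return { status: 404 };
  store.push({ orgId: req.orgId, appId: req.appId, principal: req.principal, role: req.role });
  return { status: 201 };
}

// Runs the same requests through both handlers and reports the outcomes.
function demo() {
  const crossOrg = { orgId: "org-a", appId: "com.orgb.app", principal: "alice", role: "app_admin" };
  const sameOrg = { orgId: "org-a", appId: "com.orga.app", principal: "alice", role: "app_admin" };
  const weak = [], strong = [];
  return {
    weakCross: createBindingUnchecked("alice", crossOrg, weak).status,
    strongCross: createBindingChecked("alice", crossOrg, strong).status,
    strongSame: createBindingChecked("alice", sameOrg, strong).status,
    strongOutsider: createBindingChecked("bob", sameOrg, strong).status,
    stored: strong.length,
  };
}
```

A regression test for the fix should include the cross-organization request, since the same-organization case passes in both handlers.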

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2026-56222

Affected Products

Cap-Go