PT-2018-9307 · Trident · Pitchfork
Published: 2018-03-16 · Updated: 2019-10-03 · CVE-2018-1000133
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Pitchfork version 1.4.6 RC1
Description:
The issue is related to improper privilege management in Trident Pitchfork components, allowing a standard unprivileged user to gain system administrator permissions within the web portal. A user who can log in and edit their profile can exploit this by setting the System Administrator permission to yes on themselves.
Recommendations:
For Pitchfork version 1.4.6 RC1, update to version 1.4.6 RC2 to resolve the issue.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Pitchfork