CVE-2020-15952

Name of the Vulnerable Software and Affected Versions Immuta version 2.8.2

Description The issue allows a low-privileged user to escalate privileges to administrative permissions through stored XSS. Additionally, unauthenticated attackers can exploit reflected, DOM-based XSS to phish unauthenticated Immuta users, potentially stealing credentials or forcing actions on authenticated users.

Recommendations For Immuta version 2.8.2, consider disabling the functionality that allows user input to be stored and displayed, as a temporary workaround to mitigate the risk of stored XSS exploitation. Restrict access to sensitive areas of the application to minimize the risk of privilege escalation. Avoid using the application until a fix is available to prevent potential phishing attacks through reflected, DOM-based XSS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.