PT-2021-22248 · Eigen Nlp

Thomas Pianezzola · Published 2021-09-07 · Updated 2022-07-12 · CVE-2021-38616

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Eigen NLP version 3.10.1
Description: A lack of access control on the "/auth/v1/user/{user-guid}/" user-edit endpoint could permit any logged-in user to raise their own permissions by supplying a user permissions array in a PATCH request. A guest user could also modify other users' profiles, among other actions.
Recommendations: For Eigen NLP version 3.10.1, restrict access to the "/auth/v1/user/{user-guid}/" endpoint to prevent unauthorized modifications, and consider implementing proper access control to prevent users from increasing their own permissions via the user permissions array. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
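To make the recommendation concrete, here is an added example (not Eigen NLP's code) that models the PATCH handler described above: first the unchecked merge that lets a caller write a permissions array onto any user, then a hardened version that checks who is calling and allow-lists the fields they may change. The `User` fields, the "admin"/"guest" role names and the sample accounts are assumptions for the illustration.

```python
# Added illustration, not Eigen NLP's code. Field names, role names and the
# sample accounts below are constructed for the example.
from dataclasses import dataclass, field


@dataclass
class User:
    guid: str
    email: str
    permissions: list = field(default_factory=list)  # e.g. ["admin"]


class Forbidden(Exception):
    """Raised when a PATCH is rejected by the access-control check."""


def make_admin() -> User:
    return User("guid-admin", "admin@example.test", ["admin"])


def make_guest() -> User:
    return User("guid-guest", "guest@example.test", ["guest"])


def patch_user_vulnerable(caller: User, target: User, body: dict) -> User:
    """The flaw: no check that caller may edit target, and every key in the
    request body, 'permissions' included, is written straight through."""
    for key, value in body.items():
        setattr(target, key, value)
    return target


# Fields a user may change on their own profile without elevated rights.
SELF_EDITABLE = {"email"}


def patch_user_hardened(caller: User, target: User, body: dict) -> User:
    """Authorise before merging, and only merge allow-listed fields."""
    is_admin = "admin" in caller.permissions
    if caller.guid != target.guid and not is_admin:
        raise Forbidden("cannot edit another user's profile")
    allowed = SELF_EDITABLE | ({"permissions"} if is_admin else set())
    unexpected = set(body) - allowed
    if unexpected:
        # Reject rather than silently drop, so escalation attempts are visible.
        raise Forbidden(f"fields not permitted for this caller: {sorted(unexpected)}")
    for key in body:
        setattr(target, key, body[key])
    return target


def rejects(caller: User, target: User, body: dict) -> bool:
    """True if the hardened handler refuses the request."""
    try:
        patch_user_hardened(caller, target, body)
    except Forbidden:
        return True
    return False
```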

Related Identifiers: CVE-2021-38616

Affected Products: Eigen Nlp