PT-2021-22249 · Eigen Nlp · Eigen Nlp

Thomas Pianezzola · Published 2021-09-07 · Updated 2022-07-12 · CVE-2021-38617

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Eigen NLP version 3.10.1

Description: The issue is related to a lack of access control on the "/auth/v1/user/" endpoint, which allows a standard user to create a super user account with a defined password. This leads to privilege escalation.

Recommendations: For Eigen NLP version 3.10.1, restrict access to the "/auth/v1/user/" endpoint to prevent standard users from creating super user accounts until a patch is available. Consider implementing proper access controls to prevent privilege escalation.
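
One way to apply the interim restriction recommended above, as an added example (not Eigen NLP code and not part of the advisory): a WSGI middleware placed in front of the application that rejects write requests to "/auth/v1/user/" unless the caller is privileged. It assumes a Python WSGI layer can sit in front of the service and that account creation uses a non-GET method; the environ key `example.auth.role` and the role name `superuser` are hypothetical, since the page does not say how the caller's role is exposed.

```python
import posixpath

GUARDED_PREFIX = "/auth/v1/user"         # endpoint named in the advisory
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
ROLE_KEY = "example.auth.role"           # hypothetical: set by the upstream auth layer
PRIVILEGED_ROLE = "superuser"            # hypothetical role name


def is_guarded(path):
    """True if path is the guarded endpoint or below it, after normalisation."""
    # Collapse duplicate slashes and dot segments so "//auth/v1/./user" still matches.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm == GUARDED_PREFIX or norm.startswith(GUARDED_PREFIX + "/")


class UserEndpointGuard:
    """WSGI middleware: only privileged callers may send write requests to the endpoint."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "").upper()
        path = environ.get("PATH_INFO", "")
        role = environ.get(ROLE_KEY)  # None when unauthenticated: denied by default
        if is_guarded(path) and method not in SAFE_METHODS and role != PRIVILEGED_ROLE:
            body = b'{"detail": "forbidden"}'
            start_response("403 Forbidden", [("Content-Type", "application/json"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_status(method, path, role):
    """Run one constructed request through the guard and return the status line."""
    def backend(environ, start_response):  # stand-in for the real application
        start_response("201 Created", [])
        return [b""]
    seen = []
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if role is not None:
        environ[ROLE_KEY] = role
    UserEndpointGuard(backend)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

The guard is a compensating control only; the role check still has to be enforced inside the application's own handler once a patch is available.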

Fix


Related Identifiers

CVE-2021-38617

Affected Products

Eigen Nlp