CVE-2021-46561

Name of the Vulnerable Software and Affected Versions CVE Services API version 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304

Description The issue allows an organizational administrator to transfer a user account to an arbitrary new organization, achieving unintended access within the context of that new organization. This is related to the controller/org.controller/org.controller.js file.

Recommendations For CVE Services API version 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304, update to a version after 5c50baf3bda28133a3bc90b854765a64fb538304 to resolve the issue. As a temporary workaround, consider restricting the ability to transfer user accounts to arbitrary new organizations until a patch is available.