PT-2023-27927 · Cerebrate · Cerebrate
Published 2023-08-28 · Updated 2023-08-31 · CVE-2023-41363
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Cerebrate version 1.14
Description
A vulnerability in the UserSettingsController allows authenticated users to change user settings of other users.
Recommendations
For Cerebrate version 1.14, consider restricting access to the UserSettingsController until a patch is available. As a temporary workaround, limit the ability of authenticated users to modify user settings to prevent unauthorized changes.
Fix
Related Identifiers
Affected Products
Cerebrate