PT-2024-21052 · Elabftw · Elabftw

Anargam · Published 2024-10-01 · Updated 2025-08-15 · CVE-2024-25632

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: eLabFTW, all versions prior to 5.1.0
Description: A regular (non-admin) user who is a member of a team can escalate to administrator of that team under a realistic configuration. In versions after v5.0.0 the issue may additionally let an initially unauthenticated user gain administrative privileges over an arbitrary team. System administrator (sysadmin) status is not affected.
Recommendations: Upgrade to version 5.1.0. Until the upgrade is applied, system administrators should turn off local user registration and SAML team creation ("saml team create"), and should not allow administrators to import users into teams, unless strictly required.
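The affected range and the three interim mitigations above amount to a small triage decision per instance. The following is an added example (not part of this advisory and not eLabFTW project code) that encodes that decision: a version is vulnerable if it is below 5.1.0, the unauthenticated path only applies above 5.0.0, and any recommended setting still enabled on an unpatched instance is flagged. The setting names `local_register`, `saml_team_create` and `admins_import_users` are assumed labels chosen for this example, not verified eLabFTW configuration keys, and the inventory data is constructed.

```python
"""Triage helper for CVE-2024-25632 (eLabFTW team-admin privilege escalation).

Added example, not part of the advisory or of the eLabFTW project. It encodes
the affected range stated on the page (all versions prior to 5.1.0; the
unauthenticated variant only in versions after 5.0.0) and the three
hardening settings the page recommends. The setting names used here are
assumed labels for this example, not verified eLabFTW configuration keys.
"""
from dataclasses import dataclass, field

FIXED = (5, 1, 0)                 # "upgrade to version 5.1.0"
UNAUTH_VARIANT_AFTER = (5, 0, 0)  # "in versions subsequent to v5.0.0"

# Settings the advisory says to turn off on an unpatched instance.
# Assumed key names (hypothetical), not eLabFTW's real config keys.
RECOMMENDED_OFF = ("local_register", "saml_team_create", "admins_import_users")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse '5.0.3', 'v5.0.3' or '4.9' into a 3-tuple.

    Pre-release/build suffixes ('5.1.0-beta', '5.1.0+abc') are stripped, so a
    pre-release compares equal to its release; treat such results as a hint,
    not a verdict.
    """
    core = text.strip().lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


@dataclass
class Exposure:
    version: str
    vulnerable: bool               # any authenticated team member can become team admin
    unauthenticated_path: bool     # additionally reachable without an account
    open_settings: list[str] = field(default_factory=list)  # mitigations NOT applied


def assess(version: str, settings: dict[str, bool]) -> Exposure:
    """Classify one instance from its version string and mitigation settings.

    A setting missing from `settings` is treated as enabled (worst case), so an
    incomplete inventory errs toward flagging rather than silently passing.
    """
    v = parse_version(version)
    vulnerable = v < FIXED
    unauth = vulnerable and v > UNAUTH_VARIANT_AFTER
    open_settings = [k for k in RECOMMENDED_OFF if settings.get(k, True)]
    return Exposure(version, vulnerable, unauth, open_settings)


def action(e: Exposure) -> str:
    """Turn an Exposure into the one-line action the advisory implies."""
    if not e.vulnerable:
        return "not affected (>= 5.1.0)"
    if e.open_settings:
        return "upgrade to 5.1.0; until then disable " + ", ".join(e.open_settings)
    return "upgrade to 5.1.0"


# Constructed sample inventory: (reported version, mitigation settings).
SAMPLE_INVENTORY = [
    ("4.9.2", {"local_register": True, "saml_team_create": False, "admins_import_users": True}),
    ("5.0.3", {"local_register": False, "saml_team_create": True, "admins_import_users": False}),
    ("5.1.0", {"local_register": True, "saml_team_create": True, "admins_import_users": True}),
]


def triage(inventory=SAMPLE_INVENTORY) -> dict[str, str]:
    """Map each instance version to its recommended action."""
    return {ver: action(assess(ver, cfg)) for ver, cfg in inventory}


if __name__ == "__main__":
    for ver, cfg in SAMPLE_INVENTORY:
        e = assess(ver, cfg)
        print(f"{ver:>6}  vulnerable={e.vulnerable!s:5} unauth_path={e.unauthenticated_path!s:5}  -> {action(e)}")
```

Note that 5.0.0 itself is classified as vulnerable but without the unauthenticated path, following the advisory's wording ("subsequent to v5.0.0"); if you consider that boundary uncertain for your deployment, treat 5.0.x uniformly as exposed to the unauthenticated variant.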

Weakness Enumeration

Incorrect Privilege Assignment

Related Identifiers

CVE-2024-25632
GHSA-6M7P-GH9F-5MGG

Affected Products

Elabftw