PT-2024-33353 · Unknown · Madiri Salman Aashish
João Pedro S Alcântara
Published: 2024-10-17 · Updated: 2024-11-06 · CVE-2024-49217
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Madiri Salman Aashish versions n/a through 1.1
Description
The issue is an Incorrect Privilege Assignment in the registration system, which allows Privilege Escalation when adding drop-down roles.
Recommendations
To prevent Privilege Escalation on versions n/a through 1.1, consider disabling the role addition feature in the registration system until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Privilege Assignment
Affected Products
Madiri Salman Aashish