PT-2025-13396 · Unknown · Hay-Kot Mealie

Published

2025-03-27

Updated

2025-03-29

CVE-2024-55070

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions hay-kot mealie version 2.2.0

Description A Broken Object Level Authorization issue in the /households/permissions component allows group managers to edit their own permissions.

Recommendations For hay-kot mealie version 2.2.0, consider restricting access to the /households/permissions component to prevent group managers from editing their own permissions until a fix is available.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2024-55070

Affected Products

Hay-Kot Mealie

PT-2025-13396 · Unknown · Hay-Kot Mealie

CVE-2024-55070

Weakness Enumeration

Related Identifiers

Affected Products

References · 7