PT-2025-9846 · Unknown · Peppermint Ticket Management

Published 2025-03-05 · Updated 2025-03-07 · CVE-2024-31525

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Peppermint Ticket Management version 0.4.6

Description

The issue concerns Incorrect Access Control, where a regular registered user can elevate their privileges to admin and gain complete access to the system. This occurs because the authorization mechanism is not validated on the server side, but only on the client side. As a result, an attacker can create a new admin user in the system, enabling persistent access as an administrator.

Recommendations

For Peppermint Ticket Management version 0.4.6, consider disabling the authorization mechanism on the client side until a patch is available, and ensure that all authorization requests are validated on the server side to prevent privilege escalation. Additionally, restrict access to admin-level functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
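
The server-side check the recommendation calls for, as an added example that is not taken from the advisory or from Peppermint's code: a user-creation handler that trusts the client beside one that checks the caller's stored role. The store layout, tokens, handler names and sample users are all hypothetical and constructed for illustration.

```javascript
// Added illustration; not Peppermint's code. Every name here is hypothetical.
// Constructed sample data: server-side user records and session tokens.
function newStore() {
  return {
    users: new Map([
      ["alice", { name: "alice", isAdmin: true }],
      ["bob", { name: "bob", isAdmin: false }],
    ]),
    sessions: new Map([["tok-alice", "alice"], ["tok-bob", "bob"]]),
  };
}

// Resolve the caller from server-side session state, never from request fields.
function authenticate(store, token) {
  const name = store.sessions.get(token);
  return name ? store.users.get(name) : null;
}

// Weak pattern: the admin check exists only in the UI, so the server lets any
// logged-in caller create an account with whatever role the request asks for.
function createUserClientTrusting(store, token, body) {
  const caller = authenticate(store, token);
  if (!caller) return { status: 401 };
  store.users.set(body.name, { name: body.name, isAdmin: Boolean(body.isAdmin) });
  return { status: 201 };
}

// Hardened pattern: the server checks the caller's stored role on every request.
function createUserServerChecked(store, token, body) {
  const caller = authenticate(store, token);
  if (!caller) return { status: 401 };                 // not logged in
  if (!caller.isAdmin) return { status: 403 };         // logged in, not an admin
  if (typeof body.name !== "string" || body.name === "" || store.users.has(body.name)) {
    return { status: 400 };                            // bad or duplicate name
  }
  store.users.set(body.name, { name: body.name, isAdmin: body.isAdmin === true });
  return { status: 201 };
}

// Same request from a regular user against both handlers.
const request = { name: "mallory", isAdmin: true };
const weak = newStore();
const hardened = newStore();
console.log(createUserClientTrusting(weak, "tok-bob", request).status);    // 201
console.log(createUserServerChecked(hardened, "tok-bob", request).status); // 403
```

A regression test for a fix of this class should assert the 403 for every admin-only route, using a regular user's session rather than no session at all.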

Exploit

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-31525

Affected Products

Peppermint Ticket Management