Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-8HW9-22V6-9JR9
HistoryApr 19, 2021 - 3:14 p.m.

Any logged in user could edit any other logged in user.

2021-04-1915:14:33
Google
osv.dev
9
security patch
access control
user privilege

EPSS

0.001

Percentile

22.7%

JSON

Impact

Everyone who is running a12n-server.

A new HAL-Form was added to allow editing users. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change.

Patches

Patched in v0.18.2

Related

nvd 1
cvelist 1
osv 1
github 1
prion 1
veracode 1
cve 1
nvd
nvd
CVE-2021-29452
2021-04-16 22:15:14
cvelist
cvelist
CVE-2021-29452 Any logged in user could edit any other logged in user.
2021-04-16 21:35:15
osv
osv
CVE-2021-29452
2021-04-16 22:15:14
github
github
Any logged in user could edit any other logged in user.
2021-04-19 15:14:33
prion
prion
Authentication flaw
2021-04-16 22:15:00
veracode
veracode
Insecure Access Controls
2021-04-19 06:09:58
cve
cve
CVE-2021-29452
2021-04-16 22:15:14

EPSS

0.001

Percentile

22.7%

JSON
Related for OSV:GHSA-8HW9-22V6-9JR9
nvd1cvelist1osv1github1prion1veracode1cve1