EPSS
Percentile
80.7%
onefuzz is vulnerable to privilege escalation. The vulnerability exists due to a lack of authorization check which allows a user to make API calls to a OneFuzz instance.
github.com/microsoft/onefuzz/commit/2fcb4998887959b4fa11894a068d689189742cb1
github.com/microsoft/onefuzz/pull/1153
github.com/microsoft/onefuzz/releases/tag/2.31.0
github.com/microsoft/onefuzz/security/advisories/GHSA-q5vh-6whw-x745
pypi.org/project/onefuzz/