CVE-2024-31525
CVE-2024-31525
Título es
CVE-2024-31525
Mié, 05/03/2025 – 19:15
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-31525
Descripción en
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result, for example, in creating a new admin user in the system which enables persistent access for the attacker as an administrator.
05/03/2025
05/03/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis
Referencias
https://cwe.mitre.org/data/definitions/285.html
https://github.com/Peppermint-Lab/peppermint/issues/258
Enviar en el boletín
Off
