VYPR
Unrated severityNVD Advisory· Published Mar 2, 2024· Updated Aug 15, 2024

Create user API role not enforced

CVE-2024-0795

Description

If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.