High severity8.8NVD Advisory· Published Sep 21, 2024· Updated Apr 15, 2026

CVE-2024-47210

Description

Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

Patches

1f7617c2fb47

https://github.com/GladysAssistant/Gladysvia osv

344ad9b8ca30

https://github.com/GladysAssistant/Gladysvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/GladysAssistant/Gladys/commit/344ad9b8ca3078d9292dd95f2dd7b9172bc6ebbenvd
github.com/GladysAssistant/Gladys/compare/v4.45.0...v4.45.1nvd
github.com/GladysAssistant/Gladys/pull/2115nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000