Unrated severity · NVD Advisory · Published Feb 19, 2025 · Updated Feb 19, 2025
Improper Authorization in /user/namespace/{namespace}/details
CVE-2025-1007
Description
In OpenVSX versions v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issue existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.
Affected products
- Range: >=0.9.0 <=0.20.0
- Eclipse Foundation/OpenVSX, v5, Range: 0.9.0
Patches
No patches discovered yet.