An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Wed, 18 Sep 2024 19:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other

Tue, 13 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Owasp
Owasp defectdojo
Weaknesses CWE-269
CPEs cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:*
Vendors & Products Owasp
Owasp defectdojo
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 12 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
Description An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-13T18:29:24.463Z

Reserved: 2023-11-13T00:00:00

Link: CVE-2023-48171

cve-icon Vulnrichment

Updated: 2024-08-13T18:29:13.572Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-12T20:15:08.213

Modified: 2024-09-18T18:54:08.080

Link: CVE-2023-48171

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.