Impact
The vulnerability is an incorrect access control flaw in the "/{form}/webhooks/{webhook}" endpoint of Deck9 Input, which allows authenticated attackers to modify or delete another tenant’s webhook by crafting an HTTP request. The weakness is a classic privilege‑escalation issue classified as CWE‑284.
Affected Systems
The product affected is Deck9 Input version 2.0.1 from the vendor Deck9. Users relying on this version are vulnerable unless they upgrade to a patched release. No other versions or vendors are listed as affected.
Risk and Exploitability
The CVSS base score of 8.1 marks this as a high‑severity vulnerability. The EPSS score is below 1 %, indicating a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires authenticated access; an attacker would need valid credentials to send a crafted request to the vulnerable endpoint.
OpenCVE Enrichment