Impact
Bootimus through 0.1.70 contains a broken access control flaw that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients. This vulnerability represents a high-risk privilege escalation that can compromise the entire system.
Affected Systems
The security issue affects the Bootimus application from garybowers, specifically releases up to and including version 0.1.70. Users running these versions should verify their installation for the presence of this flaw.
Risk and Exploitability
The CVSS score of 8.7 classifies this flaw as high severity and the EPSS score of less than 1% indicates low exploitation probability at present. The vulnerability is not listed in the CISA KEV catalog. Attackers must first authenticate as a low-privileged user; from there they can construct API requests that the JWT middleware mistakenly authorizes, enabling the creation of admin accounts and password resets. The exploit path requires access to the /api/users endpoints, so proper network segmentation and hardening of the API surface reduce exposure.
OpenCVE Enrichment