UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege Escalation
NVD
GitHub
CVSS 4.0
9.4
EPSS
0.1%
Permission control vulnerability in the memory management module. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Information Disclosure
Harmonyos
NVD
CVSS 3.1
9.3
EPSS
0.0%