Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.
AnalysisAI
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user. Affected products include: Netflix Dispatch.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to exec
Dispatch is an open source security incident management tool. Rated high severity (CVSS 7.5), this vulnerability is remo
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalat
There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description param
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today