CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
AnalysisAI
Uxper Golo versions prior to 1.7.5 contain an access control bypass that allows authenticated attackers to exploit improperly configured security levels to gain unauthorized access to sensitive functions and data. An attacker with valid credentials can leverage this missing authorization check to escalate privileges and perform administrative actions without proper permission validation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all systems running Golo and document their versions; isolate critical Golo instances from untrusted networks if possible. Within 7 days: Implement compensating controls (WAF rules blocking suspicious authorization attempts, network segmentation); contact vendor for patch timeline and interim guidance. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today