Ziti
Monthly
Privilege escalation in OpenZiti through 2.0.0 lets an authenticated non-admin identity that holds fine-grained enrollment-management permissions mint an enrollment for any identity - including the built-in default administrator - and then redeem the resulting one-time token via the unauthenticated client enrollment API to receive a client certificate that authenticates as that admin, granting full control of the controller and the entire zero-trust overlay. The root cause is a missing authorization check (CWE-862) in the enrollment creation path. Publicly available exploit details exist (reported by VulnCheck, GitHub issue #4010) and a vendor fix is available; no public exploit identified as actively used at time of analysis.
Privilege escalation in OpenZiti through 2.0.0 lets an authenticated non-admin identity that holds fine-grained enrollment-management permissions mint an enrollment for any identity - including the built-in default administrator - and then redeem the resulting one-time token via the unauthenticated client enrollment API to receive a client certificate that authenticates as that admin, granting full control of the controller and the entire zero-trust overlay. The root cause is a missing authorization check (CWE-862) in the enrollment creation path. Publicly available exploit details exist (reported by VulnCheck, GitHub issue #4010) and a vendor fix is available; no public exploit identified as actively used at time of analysis.