OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.
References
Link | Resource |
---|---|
https://cve.offsecguy.com/ovaledge/vulnerabilities/privilege-escalation#cve-2022-30356 | Exploit Third Party Advisory |
Configurations
History
31 Oct 2024, 16:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://cve.offsecguy.com/ovaledge/vulnerabilities/privilege-escalation#cve-2022-30356 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:ovaledge:ovaledge:*:*:*:*:*:*:*:* | |
First Time |
Ovaledge ovaledge
Ovaledge |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
29 Oct 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 17:15
Updated : 2024-10-31 16:31
NVD link : CVE-2022-30356
Mitre link : CVE-2022-30356
CVE.ORG link : CVE-2022-30356
JSON object : View
Products Affected
ovaledge
- ovaledge
CWE
CWE-863
Incorrect Authorization