An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.
References
Link | Resource |
---|---|
https://www.gruppotim.it/it/footer/red-team.html | Exploit Third Party Advisory |
https://www.gruppotim.it/it/footer/red-team.html | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory |
Information
Published : 2023-04-14 14:15
Updated : 2024-11-21 07:28
NVD link : CVE-2022-45178
Mitre link : CVE-2022-45178
CVE.ORG link : CVE-2022-45178
JSON object : View
Products Affected
liveboxcloud
- vdesk
CWE