HIGH🇵🇱 Wersja polska

CVE-2021-46561

CVSS 7.2v3.1pub. 2022-01-26upd. 2024-11-21

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Mitre Cve Services

    APP
    Mitre
    1.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-31004HIGH7.5ten sam vendor

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data...

CVE-2021-42559HIGH8.8ten sam vendor

An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands wh...

CVE-2021-42561HIGH8.8ten sam vendor

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name paramet...

CVE-2021-42560HIGH8.8ten sam vendor

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when gen...

CVE-2021-42562HIGH8.1ten sam vendor

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-adm...