controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HMitre Cve Services
APPMitre1.1.1
Related vulnerabilities
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data...
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands wh...
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name paramet...
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when gen...
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-adm...