CVE-2024-31525

{"id": "CVE-2024-31525", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-03-05T19:15:37.340", "references": [{"url": "https://cwe.mitre.org/data/definitions/285.html", "source": "[email protected]"}, {"url": "https://github.com/Peppermint-Lab/peppermint/issues/258", "source": "[email protected]"}, {"url": "https://github.com/Peppermint-Lab/peppermint/issues/258", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result, for example, in creating a new admin user in the system which enables persistent access for the attacker as an administrator."}, {"lang": "es", "value": "Peppermint Ticket Management 0.4.6 es vulnerable a un control de acceso incorrecto. Un usuario registrado normal puede elevar sus privilegios a administrador y obtener acceso completo al sistema, ya que el mecanismo de autorizaci\u00f3n no est\u00e1 validado en el lado del servidor, sino solo en el lado del cliente. Esto puede dar como resultado, por ejemplo, la creaci\u00f3n de un nuevo usuario administrador en el sistema que permite el acceso persistente para el atacante como administrador."}], "lastModified": "2025-03-06T15:15:15.607", "sourceIdentifier": "[email protected]"}