| Titel | https://www.tduckcloud.com tduck-platform commit e71c1e5 Improper Access Controls |
|---|
| Beschreibung | A vertical privilege escalation vulnerability exists in the latest version of tduck-platform. An attacker with a normal user account can exploit this flaw to bypass authorization checks and access sensitive management APIs under the /manage/ path, which should only be accessible by administrators. |
|---|
| Quelle | ⚠️ https://github.com/TDuckCloud/tduck-platform/issues/28 |
|---|
| Benutzer | RacerZ (UID 88457) |
|---|
| Einreichung | 28.07.2025 15:30 (vor 11 Monaten) |
|---|
| Moderieren | 08.08.2025 17:27 (11 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 319261 [TDuckCloud tduck-platform bis 5.1 /manage/ preHandle erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|