Submit #765676: Pangolin <=1.15.4 Improper Access Controls

Title: Pangolin <=1.15.4 Improper Access Controls
Description: Pangolin versions <= 1.15.4 are vulnerable to a cross-organization privilege escalation. This vulnerability allows an attacker with addUserRole permissions to escalate privileges by assigning arbitrary roles to any user, including themselves, across any organization. This vulnerability fundamentally collapses Pangolin’s multi-tenant security architecture, enabling attackers to seize unauthorized administrative control across all organizations and leading to massive cross-tenant data breaches and total system compromise. Please update to 1.15.4-s.1.
Source: ⚠️ https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7
User: h3nrrrych4u (UID 95805)
Submission: 2026-02-23 03:26 (1 month ago)
Moderation: 2026-02-25 17:40 (3 days later)
Status: Accepted
VulDB entry: 347796 [fosrl Pangolin up to 1.15.4-s.3 Role verifyRoleAccess/verifyApiKeyRoleAccess privilege escalation]
Points: 20
