| Title | Pangolin <=1.15.4 Improper Access Controls |
|---|---|
| Description | Pangolin versions <= 1.15.4 are vulnerable to a cross-organization privilege escalation. This vulnerability allows an attacker with addUserRole permissions to escalate privileges by assigning arbitrary roles to any user, including themselves, across any organization. This vulnerability fundamentally collapses Pangolin’s multi-tenant security architecture, enabling attackers to seize unauthorized administrative control across all organizations and leading to massive cross-tenant data breaches and total system compromise. Please update to 1.15.4-s.1. |
| Source | https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7 |
| User | h3nrrrych4u (UID 95805) |
| Submission | 2026-02-23 03:26 (1 month ago) |
| Moderation | 2026-02-25 17:40 (3 days later) |
| Status | Accepted |
| VulDB entry | 347796 [fosrl Pangolin up to 1.15.4-s.3 Role verifyRoleAccess/verifyApiKeyRoleAccess privilege escalation] |
| Points | 20 |