| Title | Pangolin <=1.15.4 Improper Access Controls |
|---|---|
| Description | Pangolin <= 1.15.4 is vulnerable to a cross-organization privilege escalation. This vulnerability allows an attacker with addUserRole permissions to escalate privileges by assigning arbitrary roles to any user, including themselves, across any organization. This vulnerability fundamentally collapses Pangolin’s multi-tenant security architecture, enabling attackers to seize unauthorized administrative control across all organizations and leading to massive cross-tenant data breaches and total system compromise. Please update to 1.15.4-s.1. |
| Source | ⚠️ https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7 |
| User | h3nrrrych4u (UID 95805) |
| Submission | 23.02.2026 03:26 (1 month ago) |
| Moderation | 25.02.2026 17:40 (3 days later) |
| Status | accepted |
| VulDB entry | 347796 [fosrl Pangolin up to 1.15.4-s.3 Role verifyRoleAccess/verifyApiKeyRoleAccess privilege escalation] |
| Points | 20 |