CVE-2021-29452

Improper Privilege Management in npm/a12n-server

Identifier

CVE-2021-29452

Package Slug

npm/a12n-server

Vulnerability

Improper Privilege Management

Description

A new HAL-Form was added to allow editing users This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change.

Affected Versions

All versions starting from 0.18.0 before 0.18.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-04-30

source