CVE-2024-47210

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 21, 2024
Updated: Sep 26, 2024
CWE ID 400

Summary

CVE-2024-47210 is a privilege escalation vulnerability in Gladys Assistant prior to version 4.45.1 that lets users change their own roles. Affected products include various Gladys Assistant installations identified by model numbers such as y1Q-9B, y1Q-8_, and y02Id0 through y02Idz. The vulnerability arises from the misuse of req.body.role in the updateMySelf function within the user.controller.js file. To remediate this issue, organizations should upgrade to Gladys Assistant version 4.45.1 or later to prevent unauthorized role changes. The CVSS 3.1 score of 8.8 (high) indicates a serious threat if exploited, with potential integrity and confidentiality impacts.
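The class of bug described above, a self-update handler that trusts a role field from the request body, is shown here next to an allow-list version. This is an added illustration, not Gladys Assistant source code or its actual fix. The in-memory store, the field names other than role, and the role values 'user' and 'admin' are assumptions.

```javascript
// Added illustration; NOT Gladys Assistant source code.
// Constructed in-memory user store standing in for the real database.
const users = new Map();

function resetUsers() {
  users.clear();
  users.set('u1', { id: 'u1', firstname: 'Ann', role: 'user' });
}

// Vulnerable pattern: every field of the request body, role included,
// is copied onto the caller's own record.
function updateMySelfVulnerable(req) {
  const user = users.get(req.user.id);
  Object.assign(user, req.body);
  return user;
}

// Hardened pattern: only allow-listed profile fields are writable by the
// account owner; role can only be changed through a separate admin path.
const SELF_EDITABLE = ['firstname', 'lastname', 'email', 'language']; // assumed field names

function updateMySelfHardened(req) {
  const user = users.get(req.user.id);
  const rejected = Object.keys(req.body).filter((k) => !SELF_EDITABLE.includes(k));
  for (const key of SELF_EDITABLE) {
    if (Object.prototype.hasOwnProperty.call(req.body, key)) {
      user[key] = req.body[key];
    }
  }
  // Rejected keys are returned so the caller can log them as a detection signal.
  return { user, rejected };
}

// Sends the same constructed request through both handlers.
function demo() {
  const req = { user: { id: 'u1' }, body: { firstname: 'Ann B.', role: 'admin' } };
  resetUsers();
  const vulnerableRole = updateMySelfVulnerable(req).role;
  resetUsers();
  const { user, rejected } = updateMySelfHardened(req);
  return { vulnerableRole, hardenedRole: user.role, firstname: user.firstname, rejected };
}

console.log(demo());
```

Logging the rejected keys gives operators a record of any self-update request that tried to set role.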
