CVE-2021-38616

by mathildeexlm

Abstract Advisory Information

A lack of access control on the user edit endpoint could permit any logged-in user to increase their own permissions.

Authors: Thomas Pianezzola

 

Version affected

Name: Eigen NLP

Versions: 3.10.1

 

Common Vulnerability Scoring System

7.6

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

 

Patches

Unknown

 

References

 

Vulnerability Disclosure Timeline

  • 11/05/2021: Vulnerability discovery
  • 28/05/2021: Vulnerability Report to CERT-XLM
  • 28/05/2021: Vulnerability Report to Eigen NLP
  • 15/06/2021: Called to get an email contact. Waiting for them to get back to us
  • 29/06/2021: With no answer, called again to get an email contact. Gave our email address again so they could reach us
  • 15/07/2021: Called the press number and was redirected to the contact email address
  • 06/08/2021: Contacted the email address (last attempt to get in touch)
  • 13/08/2021: Requested CVE IDs from MITRE
  • 1/09/2021: Expected Vulnerability disclosure