RSS   Vulnerabilities for 'A12n-server'   RSS

2021-04-16
 
CVE-2021-29452

CWE-269
 

 
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2.

 


Copyright 2021, cxsecurity.com

 

Back to Top