RSS   Vulnerabilities for 'Natural language processing'   RSS

2021-09-07
 
CVE-2021-38615

CWE-863
 

 
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information.

 
 
CVE-2021-38616

CWE-863
 

 
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.

 
 
CVE-2021-38617

CWE-863
 

 
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.

 


Copyright 2024, cxsecurity.com

 

Back to Top