You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Learn more on MITRE.
SamirWaleed Reporter
Summary
A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface.
PoC
A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully.
Impact
This allows attackers to create unauthorized accounts