WS-2022-0347
Good to know:
Date: September 16, 2022
Full Account Takeover via Improper Authorization in immich-app/immich. Immich does not check for admin privileges when setting account passwords. This allows any user to set the password for any account, thus allowing privilege escalation by admin account takeover.
Language: TYPE_SCRIPT
Severity Score
Weakness Type (CWE)
Improper Authorization
CWE-285
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |