Home > Vulnerability Database > WS-2022-0347

Mend.io Vulnerability Database

WS-2022-0347

Good to know:

Date: September 16, 2022

Full Account Takeover via Improper Authorization in immich-app/immich. Immich does not check for admin privileges when setting account passwords. This allows any user to set the password for any account, thus allowing privilege escalation by admin account takeover.

Language: TYPE_SCRIPT

Severity Score

8.8

Related Resources (2)

Url: https://github.com/immich-app/immich/commit/ece94f6bdcfc7377b5db52be6bcb2700bbdd0e77

Url: https://www.mend.io/vulnerability-database/WS-2022-0347

Severity Score

8.8

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version v1.29.1_43-dev

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0347

Good to know:

Date: September 16, 2022

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?