What the vulnerability does

01Description

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.

Key dates

02Disclosure timeline

November 24, 2021 CVE published
August 3, 2024 Record updated