What the vulnerability does
Description
Incorrect Privilege Assignment vulnerability in Projectopia (projectopia-core) allows Privilege Escalation. This issue affects Projectopia versions up to and including 5.1.24.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Projectopia versions 5.1.24 and earlier contain a privilege escalation vulnerability that allows unauthenticated attackers to gain full control of the application over the network. The vulnerability stems from incorrect privilege assignment (CWE-266) and requires no user interaction. The CVSS vector rates the impact on confidentiality, integrity, and availability as High in all three cases.
What an attacker can do
Gain full administrative control of Projectopia without authentication and read, modify, or delete all data.
Potential impact on your site
Complete compromise of the Projectopia installation; attackers can access all user data, modify projects, and disrupt service.
Conditions required to exploit
Network access to the Projectopia instance. No authentication or user interaction required.