What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0.
Explanation of Vulnerability in Simple Terms
Progress Planner versions 1.8.0 and earlier contain an insufficient privilege validation flaw. An authenticated user with low-level access can read, modify, or delete data and functionality they should not have access to. The vulnerability requires a valid user account but no additional user interaction. Organizations running affected versions should update immediately.
What an attacker can do
Read, modify, or delete sensitive data and application functionality without proper authorization.
Potential impact on your site
Authenticated users can access or alter data and settings beyond their assigned role, risking data breach and system compromise.
Conditions required to exploit
Attacker must have a valid user account with low-level privileges on the application.
Key dates
External resources
Related vulnerabilities