← Back to CVE List
CVE-2023-45228
The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt