Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.
References
| Link | Resource |
|---|---|
| https://bonobogitserver.com/changelog/#version-650 | Release Notes, Third Party Advisory |
| https://flab.cesnet.cz/advisories/cve-2019-11218 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-24T19:21:27
Updated: 2019-04-24T19:21:27
Reserved: 2019-04-12T00:00:00
Link: CVE-2019-11218
NVD Information
Status: Analyzed
Published: 2019-04-24T20:29:00.530
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-11218