Home

Description

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.

PUBLISHED Reserved 2022-05-09 | Published 2024-10-25 | Updated 2024-10-29 | Assigner mitre

References

cve.offsecguy.com/...ge/vulnerabilities/privilege-escalation

cve.org (CVE-2022-30356)

nvd.nist.gov (CVE-2022-30356)

Download JSON