Incorrect Permission Assignment for Critical Resource
CVE-2022-34112
Summary
An access control issue in the component "/api/plugin/uninstall" Dataease before v1.11.2 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References
Advisory Timeline
- Published