BlueWave Checkmate Privilege Escalation Vulnerability in Invite Request Handling

Vulnerability

A vulnerability in BlueWave Checkmate versions through 2.0.2 prior to commit d4a6072 allows invite requests to be manipulated to assign privileged roles. This issue arises from improper handling of invitation tokens, enabling unauthorized users to gain elevated permissions during the registration process.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain access to roles with elevated permissions.

Reproduction

To reproduce this vulnerability, send an invite request and modify it to include a privileged role. Then, register using the invitation token, which will grant the specified elevated permissions.

Remediation

Users can update to BlueWave Checkmate version 2.1.1 or later, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.