CyberDAVA Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in CyberDAVA versions prior to 1.1.20. This issue allows low-privileged users to gain elevated privileges by exploiting a specific API endpoint, '/api/v2/users/user/<user id>/role/ROLE/<Target role>', which lacks proper access controls. By abusing this endpoint, users can escalate their privileges to admin level.

Impact

Exploitation of this vulnerability allows low-privileged users to gain admin privileges.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CyberDAVA Privilege Escalation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating