Movary Privilege Escalation Vulnerability Allowing Self-Elevation to Administrator
Vulnerability
A privilege escalation vulnerability has been identified in Movary, a self-hosted web application for tracking and rating movies. In versions prior to 0.71.1, an authenticated user could escalate their privileges to administrator by sending a request to update their own user profile with 'isAdmin=true'. The application did not check whether the requesting user was authorized to change this field, so normal users could grant themselves administrative rights. This issue has been patched in version 0.71.1.
Impact
Exploiting this vulnerability allows any authenticated user to gain administrative privileges, granting access to admin-only features and settings.
Reproduction
To reproduce this vulnerability, log in as a non-administrative authenticated user and send a PUT request to '/settings/users/{userId}' (the user's own id) with 'isAdmin' set to true. The request updates the user's admin status without any authorization check on that field, after which administrative functions become accessible.
Remediation
Users can upgrade to Movary version 0.71.1 or later, where this vulnerability has been fixed.
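The flaw described above is a missing authorization check on a privileged field in a profile-update handler. The following is an added illustration written for this page, not Movary's code (Movary is a PHP application): a constructed in-memory user store with a handler that trusts `isAdmin` from the request body beside a hardened handler that restricts non-administrators to an explicit allow-list of fields.

```python
# Constructed illustration of the Movary isAdmin flaw and its fix (not Movary's code).
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the requesting user may not perform the update."""


@dataclass
class User:
    id: int
    name: str
    is_admin: bool = False


def fresh_users():
    # Constructed in-memory user store: one admin and one ordinary user.
    return {1: User(1, "admin", True), 2: User(2, "alice", False)}


def update_user_vulnerable(users, actor_id, target_id, payload):
    """Pre-0.71.1 style handler: every submitted field is written back."""
    actor, target = users[actor_id], users[target_id]
    if actor.id != target.id and not actor.is_admin:
        raise Forbidden("may only edit your own profile")
    # Bug: isAdmin is taken from the request body as-is, so a user editing
    # their own profile can promote themselves to administrator.
    target.name = payload.get("name", target.name)
    if "isAdmin" in payload:
        target.is_admin = bool(payload["isAdmin"])
    return target


def update_user_fixed(users, actor_id, target_id, payload):
    """Hardened handler: privileged fields require an administrator."""
    actor, target = users[actor_id], users[target_id]
    if actor.id != target.id and not actor.is_admin:
        raise Forbidden("may only edit your own profile")
    # Ordinary users may only change fields on an explicit allow-list;
    # isAdmin is rejected outright unless the actor is already an admin.
    allowed = {"name", "isAdmin"} if actor.is_admin else {"name"}
    rejected = set(payload) - allowed
    if rejected:
        raise Forbidden(f"fields not permitted: {sorted(rejected)}")
    target.name = payload.get("name", target.name)
    if "isAdmin" in payload:
        target.is_admin = bool(payload["isAdmin"])
    return target
```

Rejecting unknown fields, rather than silently dropping them, also makes such attempts visible in application logs, which is useful for detection.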
