Privilege Escalation Affecting authbwc package, versions [,0.1.4)


Severity: low (recommended score 0.0, on a scale of 0 to 10)

CVSS assessment made by Snyk's Security Team.

  • Snyk ID: SNYK-PYTHON-AUTHBWC-40499
  • Published: 7 Jan 2011
  • Disclosed: 7 Jan 2011
  • Credit: Unknown

Introduced: 7 Jan 2011

CVE: not available. CWE: CWE-265

Overview

authbwc is a user authentication and authorization component for the BlazeWeb framework.

Affected versions of this package are vulnerable to Privilege Escalation. It was possible for a user to gain the permissions of the user logged in previously due to the way the HTTP session user permissions were loaded. A malicious user can log in after an admin has been logged in and not logged out, and gain their privileges.
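The failure mode described above can be modelled in a few lines. This is an added example, not authbwc or BlazeWeb code: the session is a plain dict, the function names and permission table are hypothetical, and it assumes the flaw took the form of permissions cached in the session being reused at the next login.

```python
# Constructed model of the flaw class; names and data are hypothetical,
# not authbwc's API.
PERMS = {"admin": {"manage-users", "view"}, "guest": {"view"}}  # constructed data


def login_stale(session, username):
    """Vulnerable pattern: permissions already cached in the session are reused."""
    session["user"] = username
    if "perms" not in session:  # the previous user's entry is still present
        session["perms"] = set(PERMS[username])
    return session


def login_fresh(session, username):
    """Hardened pattern: drop prior session state, then load this user's permissions."""
    session.clear()  # nothing from the previous login survives
    session["user"] = username
    session["perms"] = set(PERMS[username])
    return session


def logout(session):
    """Logout clears the session too, but login must not depend on it having run."""
    session.clear()
    return session


def has_perm(session, perm):
    """Authorization check against the permissions held in the session."""
    return perm in session.get("perms", set())


def replay(login):
    """Admin logs in and never logs out; a guest then logs in from the same
    browser, so the same server-side session object is reused."""
    session = {}
    login(session, "admin")
    login(session, "guest")
    return session["user"], has_perm(session, "manage-users")


if __name__ == "__main__":
    print("stale:", replay(login_stale))  # guest inherits the admin permission
    print("fresh:", replay(login_fresh))  # guest holds only guest permissions
```

In a real web framework the login handler should also issue a new session identifier, so that no state tied to the old one carries over.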

CVSS Scores

version 3.1