CVE-2024-7265 (GCVE-0-2024-7265)

Vulnerability from cvelistv5 – Published: 2024-08-07 10:58 – Updated: 2025-03-17 08:34
Title
Privilege Escalation in EZD RP
Summary
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
CERT-PL
Impacted products
Vendor: Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy
Product: EZD RP
Version:
  • Affected: 15, < 15.84 (custom)
  • Affected: 16, < 16.15 (custom)
  • Affected: 17, < 17.2 (custom)
Credits
Jakub Płatek (NASK-PIB)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nask-pib:ezd_rp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ezd_rp",
            "vendor": "nask-pib",
            "versions": [
              {
                "lessThan": "15.84",
                "status": "affected",
                "version": "15",
                "versionType": "custom"
              },
              {
                "lessThan": "16.15",
                "status": "affected",
                "version": "16",
                "versionType": "custom"
              },
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "17",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T13:13:17.569299Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T14:37:20.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EZD RP",
          "vendor": "Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy",
          "versions": [
            {
              "lessThan": "15.84",
              "status": "affected",
              "version": "15",
              "versionType": "custom"
            },
            {
              "lessThan": "16.15",
              "status": "affected",
              "version": "16",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2",
              "status": "affected",
              "version": "17",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jakub P\u0142atek (NASK-PIB)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\u0026nbsp;\u003cp\u003eThis issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U/V:D/RE:L/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-17T08:34:48.839Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2024/08/CVE-2024-7265/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/posts/2024/08/CVE-2024-7265/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.gov.pl/web/ezd-rp"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Privilege Escalation in EZD RP",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2024-7265",
    "datePublished": "2024-08-07T10:58:25.223Z",
    "dateReserved": "2024-07-30T08:43:01.420Z",
    "dateUpdated": "2025-03-17T08:34:48.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15\", \"versionEndExcluding\": \"15.84\", \"matchCriteriaId\": \"B43D39E4-75AE-42D6-B206-A70B3CB9B538\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16\", \"versionEndExcluding\": \"16.15\", \"matchCriteriaId\": \"0C255177-BEAE-4B88-869C-57EBD3466ADD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17\", \"versionEndExcluding\": \"17.2\", \"matchCriteriaId\": \"50DE01F5-72FE-4ECC-B117-3B4D5E15901C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Incorrect User Management vulnerability in Naukowa i Akademicka Sie\\u0107 Komputerowa - Pa\\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de administraci\\u00f3n incorrecta de usuarios en Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP permite que un usuario conectado cambie la contrase\\u00f1a de cualquier usuario, incluido el usuario root, lo que podr\\u00eda provocar una escalada de privilegios. Este problema afecta a EZD RP: desde la versi\\u00f3n 15 hasta la 15.84, desde la versi\\u00f3n 16 hasta la 16.15, desde la versi\\u00f3n 17 hasta la 17.2.\"}]",
      "id": "CVE-2024-7265",
      "lastModified": "2024-10-10T16:15:08.763",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"cvd@cert.pl\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:D/RE:L/U:Amber\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"USER\", \"valueDensity\": \"DIFFUSE\", \"vulnerabilityResponseEffort\": \"LOW\", \"providerUrgency\": \"AMBER\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", 
\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2024-08-07T11:15:45.757",
      "references": "[{\"url\": \"https://cert.pl/en/posts/2024/08/CVE-2023-7265/\", \"source\": \"cvd@cert.pl\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://cert.pl/posts/2024/08/CVE-2023-7265/\", \"source\": \"cvd@cert.pl\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.gov.pl/web/ezd-rp\", \"source\": \"cvd@cert.pl\", \"tags\": [\"Product\"]}]",
      "sourceIdentifier": "cvd@cert.pl",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cvd@cert.pl\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7265\",\"sourceIdentifier\":\"cvd@cert.pl\",\"published\":\"2024-08-07T11:15:45.757\",\"lastModified\":\"2025-03-17T09:15:11.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de administraci\u00f3n incorrecta de usuarios en Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP permite que un usuario conectado cambie la contrase\u00f1a de cualquier usuario, incluido el usuario root, lo que podr\u00eda provocar una escalada de privilegios. Este problema afecta a EZD RP: desde la versi\u00f3n 15 hasta la 15.84, desde la versi\u00f3n 16 hasta la 16.15, desde la versi\u00f3n 17 hasta la 
17.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:D/RE:L/U:Amber\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"LOW\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\
",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15\",\"versionEndExcluding\":\"15.84\",\"matchCriteriaId\":\"B43D39E4-75AE-42D6-B206-A70B3CB9B538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16\",\"versionEndExcluding\":\"16.15\",\"matchCriteriaId\":\"0C255177-BEAE-4B88-869C-57EBD3466ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"50DE01F5-72FE-4ECC-B117-3B4D5E15901C\"}]}]}],\"references\":[{\"url\":\"https://cert.pl/en/posts/2024/08/CVE-2024-7265/\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://cert.pl/posts/2024/08/CVE-2024-7265/\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://www.gov.pl/web/ezd-rp\",\"source\":\"cvd@cert.pl\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7265\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-07T13:13:17.569299Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nask-pib:ezd_rp:*:*:*:*:*:*:*:*\"], \"vendor\": \"nask-pib\", \"product\": \"ezd_rp\", \"versions\": [{\"status\": \"affected\", \"version\": \"15\", \"lessThan\": \"15.84\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"16\", \"lessThan\": \"16.15\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-08T14:37:01.184Z\"}}], \"cna\": {\"title\": \"Privilege Escalation in EZD RP\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jakub P\\u0142atek (NASK-PIB)\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U/V:D/RE:L/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", 
\"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Naukowa i Akademicka Sie\\u0107 Komputerowa - Pa\\u0144stwowy Instytut Badawczy\", \"product\": \"EZD RP\", \"versions\": [{\"status\": \"affected\", \"version\": \"15\", \"lessThan\": \"15.84\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"16\", \"lessThan\": \"16.15\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cert.pl/en/posts/2024/08/CVE-2024-7265/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://cert.pl/posts/2024/08/CVE-2024-7265/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.gov.pl/web/ezd-rp\", \"tags\": [\"product\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect User Management vulnerability in Naukowa i Akademicka Sie\\u0107 Komputerowa - Pa\\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Incorrect User Management vulnerability in Naukowa i Akademicka Sie\\u0107 Komputerowa - Pa\\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\u0026nbsp;\u003cp\u003eThis issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", 
\"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"shortName\": \"CERT-PL\", \"dateUpdated\": \"2025-03-17T08:34:48.839Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7265\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-17T08:34:48.839Z\", \"dateReserved\": \"2024-07-30T08:43:01.420Z\", \"assignerOrgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"datePublished\": \"2024-08-07T10:58:25.223Z\", \"assignerShortName\": \"CERT-PL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

