Improper Privilege Management in Pimcore

#VU76745 Improper Privilege Management in Pimcore

Published: 2023-06-01

Vulnerability identifier: #VU76745

Vulnerability risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2983

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Pimcore
Web applications / CMS

Vendor: Pimcore

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to improper privilege management within the "/admin/user/update" API endpoint. A remote low-privileged user can update their profile and assign administrative privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Pimcore: 10.5.0 - 10.5.22

External links
http://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1
http://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a
http://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in Pimcore CMS