CVE-2024-47210

Published September 21st, 2024

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

GladysAssistant/Gladys

A privacy-first, open-source home assistant

GitHub

3.06K