CVE-2024-47210

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47210

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47210.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47210

Published

2024-09-21T23:15:14.137Z

Modified

2025-11-20T12:28:33.928064Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

References

Affected packages

Git / github.com/gladysassistant/gladys

Affected ranges

Type: GIT
Repo: https://github.com/gladysassistant/gladys
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

344ad9b8ca3078d9292dd95f2dd7b9172bc6ebbe

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.8

v2.1.9

v3.*

v3.0.0-alpha1

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.11.0

v3.11.1

v3.11.2

v3.11.3

v3.11.4

v3.11.5

v3.11.6

v3.12.0

v3.12.1

v3.13.0

v3.14.0

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.7.5

v3.7.6

v3.7.7

v3.7.8

v3.8.0

v3.8.1

v3.9.0

v3.9.1

v4.*

v4.0.0

v4.0.0-alpha

v4.0.0-beta-10

v4.0.0-beta-11

v4.0.0-beta-12

v4.0.0-beta-13

v4.0.0-beta-14

v4.0.0-beta-2

v4.0.0-beta-3

v4.0.0-beta-4

v4.0.0-beta-5

v4.0.0-beta-6

v4.0.0-beta-7

v4.0.0-beta-8

v4.0.0-beta-9

v4.0.0-beta.15

v4.0.0-beta.16

v4.0.0-beta.17

v4.0.0-beta.18

v4.0.0-beta.19

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.1.0

v4.1.1

v4.10.0

v4.10.1

v4.10.2

v4.11.0

v4.11.1

v4.11.2

v4.12.0

v4.12.1

v4.12.2

v4.13.0

v4.13.1

v4.13.2

v4.14.0

v4.15.0

v4.16.0

v4.16.1

v4.17.0

v4.17.1

v4.18.0

v4.19.0

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.20.0

v4.21.0

v4.21.1

v4.21.2

v4.22.0

v4.23.0

v4.23.1

v4.23.2

v4.23.3

v4.23.4

v4.24.0

v4.25.0

v4.25.1

v4.26.0

v4.26.1

v4.27.0

v4.27.1

v4.27.2

v4.28.0

v4.29.0

v4.3.0

v4.3.1

v4.30.0

v4.31.0

v4.31.1

v4.32.0

v4.33.0

v4.34.0

v4.35.0

v4.36.0

v4.37.0

v4.38.0

v4.38.1

v4.38.2

v4.38.3

v4.38.4

v4.39.0

v4.4.0

v4.4.1

v4.40.0

v4.41.0

v4.42.0

v4.42.1

v4.43.0

v4.44.0

v4.45.0

v4.5.0

v4.5.1

v4.5.2

v4.5.3

v4.6.0

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.8.0

v4.8.1

v4.8.10

v4.8.2

v4.8.3

v4.8.4

v4.8.5

v4.8.6

v4.8.7

v4.8.8

v4.8.9

v4.9.0

v4.9.1

v4.9.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47210.json"