Insecure Direct Object Reference (IDOR) Vulnerability in Mealie 1.0.0beta3 Allows Unauthorized Modification of User Attributes

CVE-2022-34621 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.
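
The missing control behind this class of bug is an object-level authorization check on the record named by user_id. The sketch below is an added example, not Mealie's code: the User model, the in-memory store, the field names and both function names are hypothetical, and the sample data is constructed. It puts an update routine that trusts user_id beside one that compares it to the authenticated caller before writing.

```python
from dataclasses import dataclass

@dataclass
class User:  # hypothetical model, not Mealie's schema
    id: int
    email: str
    password_hash: str
    admin: bool = False

def make_store():
    """Constructed sample data standing in for the user table."""
    return {
        1: User(1, "admin@example.test", "hash-admin", admin=True),
        2: User(2, "alice@example.test", "hash-alice"),
        3: User(3, "bob@example.test", "hash-bob"),
    }

SELF_EDITABLE = {"email", "password_hash"}   # fields an owner may change
ADMIN_EDITABLE = SELF_EDITABLE | {"admin"}   # fields an administrator may change

class Forbidden(Exception):
    pass

def update_user_unchecked(store, caller, user_id, changes):
    """IDOR pattern: user_id comes from the request and is never compared to the caller."""
    target = store[user_id]
    for field, value in changes.items():
        setattr(target, field, value)
    return target

def update_user_checked(store, caller, user_id, changes):
    """Same update, with object-level authorization enforced before any write."""
    # Ownership is checked before the lookup, so a non-owner gets the same
    # answer whether or not the target id exists.
    if not caller.admin and caller.id != user_id:
        raise Forbidden("caller does not own this record")
    allowed = ADMIN_EDITABLE if caller.admin else SELF_EDITABLE
    if not set(changes) <= allowed:
        raise Forbidden("field not editable by this caller")
    if user_id not in store:
        raise Forbidden("unknown user")
    target = store[user_id]
    for field, value in changes.items():
        setattr(target, field, value)
    return target
```

The caller object must come from the server-side session or token, never from the request body or path.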
