Insecure Permissions in ProcessMaker User Profile Page Allows User Escalation to Administrators

Insecure Permissions in ProcessMaker User Profile Page Allows User Escalation to Administrators

CVE-2022-38577 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

Learn more about our User Device Pen Test.