CVE-2022-34621 - Authorization Bypass Through User-Controlled Key vulnerability in Mealie 0.5.5/1.0.0

047910
CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
network
low complexity
mealie
CWE-639

Summary

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.

Vulnerable Configurations

Part | Description | Count
Application | Mealie | 2