CVE-2024-31525

Published: Mar 5, 2025

Modified: Mar 6, 2025

PUBLISHED

Description

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result, for example, in creating a new admin user in the system which enables persistent access for the attacker as an administrator.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://cwe.mitre.org/data/definitions/285.html

https://github.com/Peppermint-Lab/peppermint/issues/258

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-31525

Description

Affected Products

References