In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-640,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisecurity | cis-cat_pro_dashboard | 1.0.0 |
| cisecurity | cis-cat_pro_dashboard | 1.0.2 |
| cisecurity | cis-cat_pro_dashboard | 1.0.3 |
| cisecurity | cis-cat_pro_dashboard | 1.0.1 |