MidnightBSD

Advisories for redwoodhq

CVE-2019-12890 HIGH

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
redwoodhq redwoodhq 2.5.5
redwoodhq redwoodhq 2.0