RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redwoodhq | redwoodhq | 2.5.5 |
| redwoodhq | redwoodhq | 2.0 |