CandidATS 3.0.0 - CSRF to Privilege Escalation
| Name | CandidATS 3.0.0 - CSRF to Privilege Escalation |
| --- | --- |
| Affected versions | Version 3.0.0 |
| Kind | Cross-site request forgery |
| Rule | 007. Cross-site request forgery |
| CVSSv3 Base Score | 8.8 |
CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application does not protect its user-creation request against cross-site request forgery (CSRF), so an attacker can persuade an authenticated administrator to unknowingly create a new account with administrative permissions.
The CSRF vulnerability present in CandidATS 3.0.0 allows a remote attacker to elevate privileges in the application. To trigger it, we need to persuade an administrator who is logged in to open a malicious link. The page behind that link submits the user-creation request to CandidATS from the administrator's browser, which attaches the administrator's session cookie automatically, and the application accepts the request as if the administrator had filled in the form.
In this attack we elevate privileges in the application through such a malicious link: the account it creates for the attacker has administrative permissions.
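The following is an added illustration, not code from the advisory or from CandidATS. It models the two halves of the issue described above in Python: a user-creation handler that authorises on the session alone (what a CSRF-vulnerable handler looks like) next to the same handler with an Origin check and a synchronizer token, plus the auto-submitting page an attacker would host behind the "malicious link". The endpoint path, form field names, origins and cookie value are hypothetical stand-ins, since the page does not give CandidATS's real ones.

```python
"""CSRF-to-admin-account demonstration (illustrative model, not CandidATS code)."""
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical names: the real CandidATS endpoint and field names are not on
# the page; these only fix the shape of the request for the example.
SITE_ORIGIN = "https://ats.example"
ADD_USER_PATH = "/index.php?m=settings&a=addUser"


@dataclass
class Session:
    """Server-side session that the admin's cookie resolves to."""
    user: str
    role: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    form: dict


def vulnerable_add_user(req, session, users):
    """Handler as the advisory describes it: it checks only who is logged in."""
    if session.role != "admin":
        return 403
    # Nothing proves the form was loaded from the application itself, so a
    # form posted from any other site the admin visits is accepted as well.
    users[req.form["username"]] = req.form["access_level"]
    return 200


def hardened_add_user(req, session, users):
    """Same handler with two independent CSRF defences."""
    if session.role != "admin":
        return 403
    if req.method != "POST":  # state changes only over POST, never GET links
        return 405
    # Defence 1: browsers set Origin (or Referer) on cross-site form posts and
    # a page cannot override it, so reject anything not from our own origin.
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    if source != SITE_ORIGIN and not source.startswith(SITE_ORIGIN + "/"):
        return 403
    # Defence 2: synchronizer token embedded in our own form; a cross-site
    # page cannot read it, so a forged request cannot carry it.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return 403
    users[req.form["username"]] = req.form["access_level"]
    return 200


def attacker_page(target_origin=SITE_ORIGIN):
    """Constructed sample of the HTML behind the malicious link: submits on load."""
    return f"""<html><body onload="document.forms[0].submit()">
<form method="POST" action="{target_origin}{ADD_USER_PATH}">
  <input type="hidden" name="username" value="backdoor">
  <input type="hidden" name="password" value="Hunter2!">
  <input type="hidden" name="access_level" value="admin">
</form></body></html>"""


def forged_request():
    """What the admin's browser sends after rendering attacker_page()."""
    return Request(
        method="POST",
        path=ADD_USER_PATH,
        # The browser adds the session cookie by itself; the attacker's page
        # never sees it and does not need to.
        headers={"Origin": "https://attacker.example", "Cookie": "PHPSESSID=abc123"},
        form={"username": "backdoor", "password": "Hunter2!", "access_level": "admin"},
    )


def legitimate_request(session):
    """The same submission made from the application's own user-management page."""
    return Request(
        method="POST",
        path=ADD_USER_PATH,
        headers={"Origin": SITE_ORIGIN, "Cookie": "PHPSESSID=abc123"},
        form={"username": "newadmin", "password": "Hunter2!", "access_level": "admin",
              "csrf_token": session.csrf_token},
    )


def demo():
    """Run both handlers against the forged request; returns the outcomes."""
    admin = Session(user="admin", role="admin")
    users_vuln, users_hard = {}, {}
    vuln_status = vulnerable_add_user(forged_request(), admin, users_vuln)
    hard_forged = hardened_add_user(forged_request(), admin, users_hard)
    hard_legit = hardened_add_user(legitimate_request(admin), admin, users_hard)
    return vuln_status, hard_forged, hard_legit, users_vuln, users_hard


if __name__ == "__main__":
    print(demo())
```

`demo()` shows the forged request creating the `backdoor` admin account in the vulnerable handler while the hardened one rejects it and still accepts the administrator's own submission. Either defence alone stops this attack; the Origin check is cheap to add to every state-changing route, and the token protects deployments where a proxy strips Origin and Referer. Marking the session cookie `SameSite=Lax` or `Strict` is a useful third layer, but it depends on the administrator's browser rather than on the application.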
Our security policy
We have reserved CVE-2022-42751 to refer to this issue from now on.
Version: CandidATS 3.0.0
Operating System: GNU/Linux
There is currently no patch available for this vulnerability.
The vulnerability was discovered by Carlos Bello from Fluid Attacks' Offensive Team.
Vendor page https://candidats.net/
Vendor replied acknowledging the report.