CVE-2019-11393

Severity CVSS v4.0:
Pending analysis
Type:
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
Publication date:
22/04/2019
Last modified:
30/04/2019

Description

An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:tildeslash:monit:*:*:*:*:*:*:*:* 3.7.3 (excluding)