CNNVD-202509-3160 Information

CNNVD ID

CNNVD-202509-3160

Related CVE

CVE-2025-57396

• CNNVD Published: 2025-09-21

Description (Chinese)

Tandoor Recipes是Tandoor Recipes开源的一个用于管理食谱、计划膳食、建立购物清单等等的应用程序。 Tandoor Recipes 2.0.0-alpha-1版本存在安全漏洞，该漏洞源于User Profile API Endpoint包含两个布尔值，可能导致任何用户将权限提升至最高级别。

Description (English)

Tandoor Recipes is an application for the management of recipes, the planning of meals, the creation of shopping lists, etc. There is a security loophole in the Tandoor Recipes 2.0-alpha-1 version, which stems from the fact that the User Profile API Endpoint contains two boolean values, which may result in any user raising the privileges to the highest level.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

TastyIgniter

Published

2025-09-21

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/cve-2025-57396

Patch

https://docs.tandoor.dev/