CVE-2022-34621 Information

Description

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.

Reference

https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624/ https://cwe.mitre.org/data/definitions/639.html https://portswigger.net/web-security/access-control/idor https://docs.mealie.io/changelog/v0.5.6/ https://hub.docker.com/r/hkotel/mealie