CVE-2024-7265 Information

Description

Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user including root user which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84 from 16 before 16.15 from 17 before 17.2.

Reference

https://cert.pl/en/posts/2024/08/CVE-2023-7265/ https://cert.pl/posts/2024/08/CVE-2023-7265/ https://www.gov.pl/web/ezd-rp