Privilege Escalation via Extra Parameters in Bonobo Git Server AccountController

CVE-2019-11218 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.
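
The description matches the over-posting (mass assignment) pattern, where a profile update applies every submitted field to the stored user object. The added example below is not Bonobo Git Server's code; it contrasts a bind-everything update with an allowlisted one, and `UserRecord`, `IsAdministrator` and `ProfileBinder` are hypothetical names.

```csharp
// Added illustration; hypothetical names, not Bonobo Git Server source code.
using System;
using System.Collections.Generic;
using System.Linq;

public class UserRecord                          // hypothetical persisted entity
{
    public string Username { get; set; } = "";
    public string Email { get; set; } = "";
    public bool IsAdministrator { get; set; }    // privilege field, never user-editable
}

public static class ProfileBinder
{
    // Weak pattern: every submitted field that matches a property name is applied.
    public static void BindAll(UserRecord target, IDictionary<string, string> form)
    {
        foreach (var field in form)
        {
            var prop = typeof(UserRecord).GetProperty(field.Key);
            if (prop == null || !prop.CanWrite) continue;
            prop.SetValue(target, Convert.ChangeType(field.Value, prop.PropertyType));
        }
    }

    // Hardened pattern: only allowlisted fields are applied; extras are returned for logging.
    static readonly HashSet<string> Editable = new HashSet<string> { "Email" };
    public static List<string> BindAllowlisted(UserRecord target, IDictionary<string, string> form)
    {
        if (form.TryGetValue("Email", out var email)) target.Email = email;
        return form.Keys.Where(k => !Editable.Contains(k)).ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample submission: a profile edit carrying one extra field.
        var form = new Dictionary<string, string> {
            ["Email"] = "alice@example.test", ["IsAdministrator"] = "true" };
        var weak = new UserRecord { Username = "alice" };
        ProfileBinder.BindAll(weak, form);
        Console.WriteLine($"bind-all:    IsAdministrator={weak.IsAdministrator}");
        var hardened = new UserRecord { Username = "alice" };
        var rejected = ProfileBinder.BindAllowlisted(hardened, form);
        Console.WriteLine($"allowlisted: IsAdministrator={hardened.IsAdministrator}, rejected=[{string.Join(",", rejected)}]");
    }
}
```

The list returned by `BindAllowlisted` is worth logging: a profile-edit request that carries fields outside the allowlist is a useful detection signal on installations that have not yet been upgraded to 6.5.0 or later.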
