Unauthenticated Database Operations in RedwoodHQ 2.5.5

Unauthenticated Database Operations in RedwoodHQ 2.5.5

CVE-2019-12890 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

Learn more about our User Device Pen Test.