Unauthenticated Database Operations in RedwoodHQ 2.5.5
CVE-2019-12890 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
Learn more about our User Device Pen Test.