ГлавнаяУязвимости → CVE-2025-57817
7.2высокая

CVE-2025-57817

Описание

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available.

Затрагиваемое ПО
Ethyca Fides
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452https://github.com/ethyca/fides/releases/tag/2.69.1https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr