Vendor

L3montree-Dev

1 brief RSS

DevGuard Unauthenticated Identity Assertion via X-Admin-Token

DevGuard versions before 1.2.2 are vulnerable to unauthenticated identity assertion via a client-supplied `X-Admin-Token` HTTP request header, potentially granting attackers full control over organizations if they can guess an admin/owner's Kratos identity UUID.

devguard +1 authentication authorization privilege_escalation web_application

1r 2t 1h ago