Vendor
Movary versions prior to 0.71.1 are vulnerable to a privilege escalation, allowing authenticated non-admin users to access user management endpoints and create new administrator accounts due to missing middleware and flawed authorization checks.