Dismissed
(no matching packages found)
Permalink
CVE-2026-58165
8.7 HIGH
-
CVSS version (CVSS): 4.0
-
Attack Vector (AV): Network (N)
-
Attack Complexity (AC): Low (L)
-
Attack Requirement (AT): None (N)
-
Privileges Required (PR): Low (L)
-
User Interaction (UI): None (N)
-
Vulnerable System Impact Confidentiality (VC): High (H)
-
Vulnerable System Impact Integrity (VI): High (H)
-
Vulnerable System Impact Availability (VA): High (H)
-
Subsequent System Impact Confidentiality (SC): None (N)
-
Subsequent System Impact Integrity (SI): None (N)
-
Subsequent System Impact Availability (SA): None (N)
-
Modified Attack Vector (MAV): Network (N)
-
Modified Attack Complexity (MAC): Low (L)
-
Modified Attack Requirement (MAT): None (N)
-
Modified Privileges Required (MPR): Low (L)
-
Modified User Interaction (MUI): None (N)
-
Modified Vulnerable System Impact Confidentiality (MVC): High (H)
-
Modified Vulnerable System Impact Integrity (MVI): High (H)
-
Modified Vulnerable System Impact Availability (MVA): High (H)
-
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
-
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
-
Modified Subsequent System Impact Availability (MSA): Negligible (N)
-
Safety (S): Not Defined (X)
-
Automatable (AU): Not Defined (X)
-
Recovery (R): Not Defined (X)
-
Value Density (V): Not Defined (X)
-
Vulnerability Response Effort (RE): Not Defined (X)
-
Provider Urgency (U): Not Defined (X)
-
Confidentiality Req. (CR): Not Defined (X)
-
Integrity Req. (IR): Not Defined (X)
-
Availability Req. (AR): Not Defined (X)
-
Exploit Maturity (E): Not Defined (X)
created
2 weeks, 2 days ago
Activity log
-
Created & dismissed (no matching packages found) suggestion
2 weeks, 2 days ago
OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate function in controller/model/enrollment_manager.go verifies only that the target identity exists without performing authorization checks binding the caller to the target identity. Attackers can redeem the resulting one-time token through the unauthenticated client API enrollment endpoint to obtain a client certificate authenticating as the targeted admin identity, yielding full administrative control of the controller and the zero-trust overlay it manages.
Affected products
ziti
-
==3027fdffd3e57884487b7c46e5e669cfbc8becdf
-
=<2.0.0