all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Privilege Escalation Leads to RCE in Medplum

Add to bookmarks
March 28, 2024, 10:31 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Privilege Escalation Leads to RCE in Medplum


CVE Number

CVE-2024-29380


Loginsoft ID

Loginsoft-2024-1011


Description

The application “Medplum” is affected by a privilege escalation vulnerability that can lead to the execution of system commands. An attacker with practitioner privileges can elevate their status to a project admin using the ProjectMembership endpoint, enabling them to execute system commands through the bot editor.


CWE

CWE-269: Improper Privilege Management


CWE-94: Improper Control of Generation of Code (‘Code Injection’)


Affected Versions

< v3.0.7 …

admin application attacker can cve cve-2024 elevate endpoint escalation malware analysis privilege privilege escalation privileges project rce system vulnerability

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Wireshark 4.2.5 Released, (Sat, May 18th) 4 hours ago | malware.news
article bugs center cve +13
The who, where, and how of APT attacks – Week in security with Tony Anscombe 14 hours ago | malware.news
apt article attacks campaigns +11
Leveling the cybersecurity playing field 19 hours ago | malware.news
article blumira cybersecurity entry +4
Hardware cybersecurity leader, Flexxon, introduces Server Defender 19 hours ago | malware.news
advanced article cybersecurity defender +8
Automated pentesting in the cloud 19 hours ago | malware.news
article automated challenge cloud +10
How to revamp your cybersecurity in the middle of the chaos 19 hours ago | malware.news
article attackers chaos cybersecurity +8
6K-plus AI models may be affected by critical RCE vulnerability 21 hours ago | malware.news
ai models article attacks critical +14
Zscaler annual phishing report finds a near 60% increase in phishing attacks in 2023 22 hours ago | malware.news
article attacks link media +6
Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387 23 hours ago | malware.news
amp article cisa deepfakes +8

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street
View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark
View on infosec-jobs.com