Privilege Escalation Leads to RCE in Medplum
Malware Analysis, News and Indicators - Latest topics malware.news
CVE Number
CVE-2024-29380
Loginsoft ID
Loginsoft-2024-1011
Description
The application “Medplum” is affected by a privilege escalation vulnerability that can lead to the execution of system commands. An attacker with practitioner privileges can elevate their status to a project admin using the ProjectMembership endpoint, enabling them to execute system commands through the bot editor.
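The class of defect described above is a server that accepts a client-supplied ProjectMembership update without checking whether the caller may change its privilege-bearing fields. The following is an added illustration, not Medplum's code: the field names (`admin`, `accessPolicy`, `user`, `project`) are assumptions modelled on the description, and the hardened variant shows the authorization check a defender would expect before any such write is persisted.

```typescript
// Added example, not Medplum's code. Field names are assumptions modelled on the
// advisory's description of a ProjectMembership resource, not Medplum's schema.
interface ProjectMembership {
  id: string;
  project: string;        // project the membership belongs to
  user: string;           // user the membership belongs to
  admin?: boolean;        // true = project admin
  accessPolicy?: string;  // reference to the policy limiting this user
}

interface Requester {
  user: string;
  membership: ProjectMembership; // the caller's own membership in the project
}

// Vulnerable shape: the server trusts the client-supplied resource wholesale,
// so a practitioner can submit their own membership with admin set to true.
export function updateMembershipUnchecked(
  _requester: Requester, _existing: ProjectMembership, proposed: ProjectMembership
): ProjectMembership {
  return proposed;
}

// Hardened shape: identity fields are immutable, privilege-bearing fields may
// only change when the caller is already an admin of the same project, and
// non-admins may only touch their own membership.
export function updateMembershipChecked(
  requester: Requester, existing: ProjectMembership, proposed: ProjectMembership
): ProjectMembership {
  if (proposed.id !== existing.id || proposed.project !== existing.project) {
    throw new Error('forbidden: id and project are immutable');
  }
  const requesterIsAdmin =
    requester.membership.project === existing.project && requester.membership.admin === true;
  const privilegedChange =
    (proposed.admin ?? false) !== (existing.admin ?? false) ||
    proposed.accessPolicy !== existing.accessPolicy ||
    proposed.user !== existing.user;
  if (privilegedChange && !requesterIsAdmin) {
    throw new Error('forbidden: only project admins may change admin, accessPolicy or user');
  }
  if (!requesterIsAdmin && existing.user !== requester.user) {
    throw new Error('forbidden: non-admins may only edit their own membership');
  }
  return proposed;
}
```

The check must run on the server for every write path that reaches the membership store (create, update, patch), not only in the UI; an audit log entry for any attempted privileged change by a non-admin gives detection of the escalation attempt itself.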
CWE
CWE-269: Improper Privilege Management
CWE-94: Improper Control of Generation of Code (‘Code Injection’)
Affected Versions
< v3.0.7 …