Privilege Escalation Leads to RCE in Medplum | allinfosecnews.com

March 28, 2024, 10:31 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Privilege Escalation Leads to RCE in Medplum

CVE Number

CVE-2024-29380

Loginsoft ID

Loginsoft-2024-1011

Description

The application “Medplum” is affected by a privilege escalation vulnerability that can lead to the execution of system commands. An attacker with practitioner privileges can elevate their status to a project admin using the ProjectMembership endpoint, enabling them to execute system commands through the bot editor.

CWE

CWE-269: Improper Privilege Management

CWE-94: Improper Control of Generation of Code (‘Code Injection’)

Affected Versions

< v3.0.7 …

admin application attacker can cve cve-2024 elevate endpoint escalation malware analysis privilege privilege escalation privileges project rce system vulnerability

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 9 hours ago | malware.news

acquisition article cybersecurity darktrace +5

Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 10 hours ago | malware.news

amp and response april arctic +20

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 10 hours ago | malware.news

april avalanche components critical +19

Showcasing Artwork by Max for Autism Awareness Month 11 hours ago | malware.news

art article artwork autism +6

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 11 hours ago | malware.news

article cisco deepfakes flowmon +6

Kaiser Permanente notifies 13.4M patients of potential data exposure 11 hours ago | malware.news

apps article data data exposure +16

Impact of organizational structure on ransomware outcomes: Where does your org fit in? 11 hours ago | malware.news

article challenges core security detection +15

VA is warning veterans about Change Healthcare cyberattack, secretary says 12 hours ago | malware.news

alerting article attack change +14

Outsmarting the Adversaries: How AI is Transforming Threat Detection & Response 12 hours ago | malware.news

abnormal adlumin adversaries amp +25

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Data & Security Engineer Lead

@ LiquidX | Singapore, Central Singapore, Singapore

View on infosec-jobs.com

IT and Cyber Risk Control Lead

@ GXS Bank | Singapore - OneNorth

View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France

View on infosec-jobs.com

Cyber Security Analyst (Weekend 1st Shift)

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com

Senior Manager, Cybersecurity

@ BlueTriton Brands | Stamford, CT, US

View on infosec-jobs.com