Authorization Bypass Vulnerability in Router Inbox (DOPPLER-SA-0002)


Summary

A critical vulnerability was found in the Inbox feature, in which an authenticated user with router.inbox access could intercept and take control of devices outside their access group before they were allowed.

Remediation

Customers should update to v22.12 or later.

Affected Versions

  • v22.09.13 and earlier versions of Doppler