Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via Name:isauthenticationenabled,Value:false in an api/settings/setting-isauthenticationenabled PUT request.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Seq | Datalust | * | 4.2.605 (excluding) |