CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.7%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/mealie-recipes/mealie/issues/4593
https://m10x.de/posts/2025/03/all-your-recipe-are-belong-to-us-part-3/3-broken-access-controls-leading-to-privilege-escalation-and-more-in-mealie/

Products affected by CVE-2024-55072

Mealie » Mealie » Version: 2.2.0

cpe:2.3:a:mealie:mealie:2.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-55072

Products

Pricing

Contact Us