Tandoor: >> Recipes >> 2.0.0 Security Vulnerabilities
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escalate their privileges to the highest level.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-09-19