Description
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md
Third Party Advisory x_refsource_misc
https://github.com/Netflix/dispatch/releases/tag/v20201106
Scores
CVSS v3
6.5
EPSS
0.0093
EPSS Percentile
56.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (1)
netflix/dispatch
< 20201106
Published
Nov 09, 2020
Tracked Since
Feb 18, 2026