GHSA-whmp-h7x8-7x69HighCVSS 7.2
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private...
🔗 CVE IDs covered (1)
📋 Description
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by other organizations, enabling unauthorized read and modification of victim applications.