216.73.217.98

CVE-2025-1007

· Published 19/02/2025 09:15 · Modified 19/02/2025 09:15

Labels: CVE-2025-1007 2025-02-19CVE-2025-1007CWE-283[email protected]

Essential information

Published
19/02/2025 09:15
Modified
19/02/2025 09:15
Author
Creator
CISA KEV
No
CWE

Description

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References