CVE-2021-37705P2CRITICALCVSS 10.0≥ 2.12.0, < 2.31.0·v>= 2.12.0, < 2.31.02021-08-13
CVE-2021-37705 [CRITICAL] CWE-285 CVE-2021-37705: OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or grea
ghsanvdosv