Search

Find a vulnerability

Search criteria

    2 vulnerabilities by almirhodzic

    CVE-2026-42202 (GCVE-0-2026-42202)

    Vulnerability from nvd – Published: 2026-05-08 21:18 – Updated: 2026-05-11 14:24
    VLAI
    Title
    nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
    Summary
    nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth:<guard> middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself (for example, frontend customers sharing the web guard with the Nova admin area). The endpoint also accepted an arbitrary attribute parameter, which meant a valid caller could toggle any boolean column on the underlying model — not just columns exposed as Toggle fields on the resource. This issue has been patched in version 1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42202",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:24:37.929877Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:24:49.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nova-toggle-5",
              "vendor": "almirhodzic",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth:\u003cguard\u003e middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource \u2014 including users who do not have access to Nova itself (for example, frontend customers sharing the web guard with the Nova admin area). The endpoint also accepted an arbitrary attribute parameter, which meant a valid caller could toggle any boolean column on the underlying model \u2014 not just columns exposed as Toggle fields on the resource. This issue has been patched in version 1.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T21:18:58.593Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/almirhodzic/nova-toggle-5/security/advisories/GHSA-f5c8-m5vw-rmgq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/almirhodzic/nova-toggle-5/security/advisories/GHSA-f5c8-m5vw-rmgq"
            },
            {
              "name": "https://github.com/almirhodzic/nova-toggle-5/releases/tag/v1.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/almirhodzic/nova-toggle-5/releases/tag/v1.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-f5c8-m5vw-rmgq",
            "discovery": "UNKNOWN"
          },
          "title": "nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42202",
        "datePublished": "2026-05-08T21:18:58.593Z",
        "dateReserved": "2026-04-25T05:04:37.027Z",
        "dateUpdated": "2026-05-11T14:24:49.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42202 (GCVE-0-2026-42202)

    Vulnerability from cvelistv5 – Published: 2026-05-08 21:18 – Updated: 2026-05-11 14:24
    VLAI
    Title
    nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
    Summary
    nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth:<guard> middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource — including users who do not have access to Nova itself (for example, frontend customers sharing the web guard with the Nova admin area). The endpoint also accepted an arbitrary attribute parameter, which meant a valid caller could toggle any boolean column on the underlying model — not just columns exposed as Toggle fields on the resource. This issue has been patched in version 1.3.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42202",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:24:37.929877Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:24:49.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nova-toggle-5",
              "vendor": "almirhodzic",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth:\u003cguard\u003e middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes on any Nova resource \u2014 including users who do not have access to Nova itself (for example, frontend customers sharing the web guard with the Nova admin area). The endpoint also accepted an arbitrary attribute parameter, which meant a valid caller could toggle any boolean column on the underlying model \u2014 not just columns exposed as Toggle fields on the resource. This issue has been patched in version 1.3.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T21:18:58.593Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/almirhodzic/nova-toggle-5/security/advisories/GHSA-f5c8-m5vw-rmgq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/almirhodzic/nova-toggle-5/security/advisories/GHSA-f5c8-m5vw-rmgq"
            },
            {
              "name": "https://github.com/almirhodzic/nova-toggle-5/releases/tag/v1.3.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/almirhodzic/nova-toggle-5/releases/tag/v1.3.0"
            }
          ],
          "source": {
            "advisory": "GHSA-f5c8-m5vw-rmgq",
            "discovery": "UNKNOWN"
          },
          "title": "nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42202",
        "datePublished": "2026-05-08T21:18:58.593Z",
        "dateReserved": "2026-04-25T05:04:37.027Z",
        "dateUpdated": "2026-05-11T14:24:49.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }