AIKIDO-2024-10411
Elsa is vulnerable to Improper Authorization
100
Critical
Elsa dotnet
AIKIDO-2024-10411: Elsa is vulnerable to Improper Authorization in versions 1.0.0 - 3.2.2.
Improper Authorization
Vuln in 1.0.0 - 3.2.2
Fixed in 3.2.3
No CVE available
TL;DR
Affected versions of the package are vulnerable to improper authorization. A critical vulnerability was discovered in the real-time workflow functionality via SignalR that necessitates immediate action. Check the link to the vendor website for more information.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade Elsa library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US