eLabFTW is an open source electronic lab notebook for research labs.  In an eLabFTW system, one might disallow user creation except for by system administrators, administrators and trusted services. If administrators are allowed to create new users (which is the default), the vulnerability allows any user to create new users in teams where they are members. The new users are automatically validated and administrators are not notified. This can allow a user with permanent or temporary access to a

eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in version 4.4.0 and prior to version 5.0.0 that allows regular users to create new, validated accounts in their team. If the system has anonymous access enabled (disabled by default) an unauthenticated user can create regular users in any team. This vulnerability has been fixed since version 5.0.0, releas

GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

GitHub, Inc. CWE-266

eLabFTW is an open source electronic lab notebook for research labs.  In an eLabFTW system, one might disallow user creation except for by system administrators, administrators and trusted services. If administrators are allowed to create new users (which is the default), the vulnerability allows any user to create new users in teams where they are members. The new users are automatically validated and administrators are not notified. This can allow a user with permanent or temporary access to a

GitHub, Inc. https://github.com/elabftw/elabftw/security/advisories/GHSA-v677-8x8p-636v [No types assigned]