References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-266

https://github.com/Syslifters/sysreptor/commit/de8b5d89d0644479ee0da0a113c6bcc2436ba7f4

https://github.com/Syslifters/sysreptor/security/advisories/GHSA-r6hm-59cq-gjg6