Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
Apache VCL Versions: 2.1, 2.2, 2.2.1, 2.3, 2.3.1
A vulnerability was reported in Apache VCL.
A remote authenticated administrative user with minimal administrative privileges (i.e., nodeAdmin, manageGroup, resourceGrant, or userGrant) can send specially crafted data via the web interface or XMLRPC API to gain additional administrative privileges.
A remote authenticated user can obtain elevated privileges on the target system.