CVE-2022-45178: 
Linux Alpine vulnerability analysis and mitigation

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 HIGH with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue affects multiple endpoints in the application that handle user management and SAML integration. The vulnerability stems from improper access control mechanisms that fail to properly validate user permissions when accessing administrative functions (NVD).

The vulnerability allows authenticated users with low privileges to perform unauthorized administrative actions, including creating new users and escalating their own privileges to administrative level. This can lead to complete compromise of the system's access control mechanisms and unauthorized access to sensitive functionality (NVD).