CVE-2022-45183
Ironman Software PowerShell Universal vulnerability analysis and mitigation

Overview

An escalation-of-privileges vulnerability was discovered in the Web Server component of Ironman Software PowerShell Universal versions 2.x and 3.x. The vulnerability allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request, potentially leading to privilege escalation. The vulnerability was disclosed on November 11th, 2022, and affects versions 3.5.2 and earlier, 3.4.6 and earlier, and 2.12.5 and earlier (IronMan Blog).

Technical details

The vulnerability stems from a logic error in the App Token endpoint that allows valid app tokens created by a single user to access any app token created by that same user. For example, if a user created a Reader app token, that token could access an administrator app token created by the same user, leading to privilege escalation. The vulnerability has a CVSS score of 8.8, indicating high severity (CISA Bulletin).

Impact

The vulnerability allows an attacker to escalate their privileges by accessing app tokens with higher privilege levels. For instance, a user with a Reader app token could potentially gain administrator privileges by accessing an administrator app token created by the same user. However, app tokens could not access tokens created by other users (IronMan Blog).

Mitigation and workarounds

The vulnerability has been patched in versions 3.5.3, 3.4.7, and 2.12.6. As a workaround, administrators who cannot patch immediately can revoke app tokens that meet the vulnerability criteria, that is, lower-privileged tokens whose creator also holds higher-privileged tokens, to mitigate this vulnerability without patching. It is recommended to upgrade to the patched versions (IronMan Blog).
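As an added illustration, not code from Ironman Software or from this report, the following Python models the authorization logic the technical details describe (the pre-patch owner-only check beside a hardened check) and an audit helper for the revoke-based workaround. The role names, their ranking, the `AppToken` record, and the sample inventory are constructed assumptions and do not reflect PowerShell Universal's actual data model or API.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed role ranking for this illustration; PowerShell Universal's real
# role model is not this simple linear ordering.
ROLE_RANK = {"Reader": 1, "Operator": 2, "Administrator": 3}


@dataclass(frozen=True)
class AppToken:
    token_id: int
    created_by: str   # user who created the token
    role: str         # role the token acts with
    secret: str       # the bearer value a caller would retrieve


def can_read_token_vulnerable(caller: AppToken, target: AppToken) -> bool:
    """Pre-patch rule as the advisory describes it: ownership is the only check,
    so any of a user's tokens can read any other token of the same user."""
    return caller.created_by == target.created_by


def can_read_token_fixed(caller: AppToken, target: AppToken) -> bool:
    """Hardened rule (hypothetical): ownership is still required, and the caller
    must hold at least the privilege of the token it asks for, so a Reader token
    can no longer read an Administrator token's secret."""
    if caller.created_by != target.created_by:
        return False
    return ROLE_RANK[caller.role] >= ROLE_RANK[target.role]


def get_token_by_id(caller: AppToken, token_id: int, store: Dict[int, AppToken],
                    policy: Callable[[AppToken, AppToken], bool] = can_read_token_fixed
                    ) -> Optional[AppToken]:
    """Model of a 'get app token by ID' handler: return the token only if the
    policy allows it. Unknown IDs and denied requests both yield None so the
    response does not reveal which IDs exist."""
    target = store.get(token_id)
    if target is None or not policy(caller, target):
        return None
    return target


def tokens_meeting_workaround_criteria(tokens: List[AppToken]) -> List[AppToken]:
    """For the revoke-based workaround: flag every token whose creator also holds
    a token of higher privilege. Those lower-privileged tokens are the ones that
    could be used, on an unpatched server, to read the higher-privileged ones."""
    by_user: Dict[str, List[AppToken]] = {}
    for t in tokens:
        by_user.setdefault(t.created_by, []).append(t)
    flagged: List[AppToken] = []
    for owned in by_user.values():
        top = max(ROLE_RANK[t.role] for t in owned)
        flagged.extend(t for t in owned if ROLE_RANK[t.role] < top)
    return flagged


# Constructed sample inventory (not real tokens or users).
SAMPLE_TOKENS = [
    AppToken(1, "alice", "Reader", "tok-alice-reader"),
    AppToken(2, "alice", "Administrator", "tok-alice-admin"),
    AppToken(3, "bob", "Reader", "tok-bob-reader"),
    AppToken(4, "carol", "Operator", "tok-carol-operator"),
    AppToken(5, "carol", "Reader", "tok-carol-reader"),
]
STORE = {t.token_id: t for t in SAMPLE_TOKENS}


if __name__ == "__main__":
    reader = STORE[1]
    # Unpatched behaviour: alice's Reader token can pull her Administrator token.
    leaked = get_token_by_id(reader, 2, STORE, policy=can_read_token_vulnerable)
    print("vulnerable policy returns:", leaked.role if leaked else None)
    # Patched behaviour: the same request is denied.
    print("fixed policy returns:", get_token_by_id(reader, 2, STORE))
    # Audit output for the workaround: token 1 (alice) and token 5 (carol).
    print("tokens to revoke as a workaround:",
          [t.token_id for t in tokens_meeting_workaround_criteria(SAMPLE_TOKENS)])
```

The audit helper groups tokens by creator and flags only those ranked below the creator's most privileged token; bob's single Reader token is not flagged because, per the advisory, tokens could not reach tokens created by other users.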

Community reactions

The vulnerability was responsibly disclosed by a customer through Ironman Software's Vulnerability Response Policy. Special acknowledgment was given to Thierry Viaccoz for reporting the issue (IronMan Blog).

Additional resources

Source: This report was generated using AI.

Related Ironman Software PowerShell Universal vulnerabilities:

Technologies / Component name for every entry: Ironman Software PowerShell Universal (cpe:2.3:a:ironmansoftware:powershell_universal)

CVE ID          Severity  Score  CISA KEV exploit  Has fix  Published date
CVE-2024-50616  HIGH      8.8    No                Yes      Oct 27, 2024
CVE-2023-49213  HIGH      8.8    No                Yes      Nov 23, 2023
CVE-2022-45183  HIGH      8.8    No                Yes      Nov 14, 2022
CVE-2022-45184  HIGH      7.2    No                Yes      Nov 14, 2022
