Thank you Brandon Perry for finding this vulnerability.
We would like to make a correction to the disclosure - this issue
affects only the Mule Enterprise Management Console (MMC) used by some
customer administrators to manage Mule ESB runtimes, and not the Mule
ESB runtime itself. MMC is typi

Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution

Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to
create an administrator user due to the lack of a permissions check in the
handler/securityService.rpc endpoint. The following HTTP request can