The kidaze CourseSelectionSystem is an unknown HR software used by some organizations for employee management. This vulnerability allows attackers to forge admin tokens without any credentials, gaining full administrative access to your HR system remotely. This means potential access to employee PII, payroll data, and system configuration.
You're affected if you use A vulnerability was identified. Affected versions: 42 If you don't recognise this software, you're probably not affected.
Immediate mitigations:
- Restrict network access to your HR system (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
- Contact kidaze directly for a patched version - there's no public patch link in the advisory.
- No upgrade instructions are provided, as the vendor has not released an official patch.