Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

References
https://projectblack.io/blog/orthanc-1-12-9-user-impersonation/#exploitation
https://discourse.orthanc-server.org/t/orthanc-1-12-10/6326
https://orthanc.uclouvain.be/bugs/show_bug.cgi?id=252