CVE-2024-55471 – oqtane.server
Package
Manager: nuget
Name: oqtane.server
Vulnerable Version: >=0 <=6.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00094 (percentile 0.27285)
Details
Oqtane Framework Insecure Direct Object Reference vulnerability
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.
Metadata
Created: 2024-12-20T18:31:32Z
Modified: 2024-12-20T19:42:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-hhcw-wwxv-g95c/GHSA-hhcw-wwxv-g95c.json
CWE IDs: ["CWE-639"]
Alternative ID: GHSA-hhcw-wwxv-g95c
Finding: F039
Auto approve: 1