Insecure object reference - Files
Description
An unauthorized user can access or manipulate information of other users just by knowing the identifier that differentiates them, since the application does not validate the necessary permissions to access.
Impact
Access or manipulate the victims account information by knowing a victims user ID.
Recommendation
Verify that the user who is trying to access the information has the necessary permissions to access.
Threat
Unauthorized user from local network.
Expected Remediation Time
⏱️ 30 minutes.
Requirements
176 - Restrict system objectsScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N