CVE-2024-55471

MEDIUM6.5EPSS 0.12%

Oqtane Framework Insecure Direct Object Reference vulnerability

Published: 12/20/2024Modified: 12/20/2024

Description

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.

Affected packages (2)

NuGet/Oqtane.Frameworkfrom 0, <= 6.0.0
NuGet/Oqtane.Serverfrom 0, <= 6.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-55471
PATCHhttps://github.com/oqtane/oqtane.framework
WEBhttps://github.com/oqtane/oqtane.framework/pull/4880/files
WEBhttps://medium.com/@Rudra_2158/cve-2024-55471-breaking-down-the-idor-vulnerability-in-oqtane-framework-c0f4b02f12fc