CVE-2024-55471

MEDIUM6.5EPSS 0.12%

Oqtane Framework Insecure Direct Object Reference vulnerability

發布日:2024/12/20修改日:2024/12/20

描述

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.

受影響套件(2)

NuGet/Oqtane.Frameworkfrom 0, <= 6.0.0
NuGet/Oqtane.Serverfrom 0, <= 6.0.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-55471
PATCHhttps://github.com/oqtane/oqtane.framework
WEBhttps://github.com/oqtane/oqtane.framework/pull/4880/files
WEBhttps://medium.com/@Rudra_2158/cve-2024-55471-breaking-down-the-idor-vulnerability-in-oqtane-framework-c0f4b02f12fc