alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Alf
Alf alf |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:* | |
Vendors & Products |
Alf
Alf alf |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-19T19:48:10.379Z
Updated: 2024-08-28T18:02:07.113Z
Reserved: 2024-02-08T22:26:33.513Z
Link: CVE-2024-25635
Vulnrichment
Updated: 2024-08-01T23:44:09.642Z
NVD
Status : Analyzed
Published: 2024-02-19T20:15:45.890
Modified: 2024-12-18T17:51:55.433
Link: CVE-2024-25635
Redhat
No data.