alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue.
History

Wed, 18 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Alf
Alf alf
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:alf:alf:*:*:*:*:*:*:*:*
Vendors & Products Alf
Alf alf

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-19T19:48:10.379Z

Updated: 2024-08-28T18:02:07.113Z

Reserved: 2024-02-08T22:26:33.513Z

Link: CVE-2024-25635

cve-icon Vulnrichment

Updated: 2024-08-01T23:44:09.642Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-19T20:15:45.890

Modified: 2024-12-18T17:51:55.433

Link: CVE-2024-25635

cve-icon Redhat

No data.