NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-639 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-17T00:00:00
Updated: 2024-11-07T16:01:16.449Z
Reserved: 2024-06-16T00:00:00
Link: CVE-2024-38446
Vulnrichment
Updated: 2024-08-02T04:12:25.011Z
NVD
Status : Awaiting Analysis
Published: 2024-07-17T17:15:15.340
Modified: 2024-11-21T09:25:53.547
Link: CVE-2024-38446
Redhat
No data.