An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-639 | |
Metrics |
cvssV3_1
|
Fri, 20 Dec 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-20T00:00:00
Updated: 2024-12-20T20:49:14.926Z
Reserved: 2024-12-06T00:00:00
Link: CVE-2024-55186
Vulnrichment
Updated: 2024-12-20T20:49:09.894Z
NVD
Status : Received
Published: 2024-12-20T16:15:23.853
Modified: 2024-12-20T21:15:08.850
Link: CVE-2024-55186
Redhat
No data.