mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
68 lines
2.2 KiB
JSON
68 lines
2.2 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-52528",
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-285: Improper Authorization",
|
|
"cweId": "CWE-285"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "BudgetControl",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Gateway",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "< 1.5.2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/BudgetControl/Gateway/security/advisories/GHSA-jqx6-gm7f-vp7m",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/BudgetControl/Gateway/security/advisories/GHSA-jqx6-gm7f-vp7m"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-jqx6-gm7f-vp7m",
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |