mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
25 lines
939 B
JSON
25 lines
939 B
JSON
|
{
|
||
|
|
"id": "CVE-2024-55470",
|
||
|
|
"sourceIdentifier": "cve@mitre.org",
|
||
|
|
"published": "2024-12-20T16:15:23.977",
|
||
|
|
"lastModified": "2024-12-20T16:15:23.977",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"cveTags": [],
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://gist.github.com/Kaushikjoshi/2d8ad350ba5e72030fcee2536498cfe4",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://github.com/oqtane/oqtane.framework/pull/4878/files",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|