nvd-json-data-feeds/CVE-2024/CVE-2024-345xx/CVE-2024-34519.json

{
  "id": "CVE-2024-34519",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-05-05T22:15:07.563",
  "lastModified": "2024-05-06T12:44:56.377",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has privileges that a dashboard visitor should not have."
    },
    {
      "lang": "es",
      "value": "Avantra Server 24.x anterior a 24.0.7 y 24.1.x anterior a 24.1.1 maneja mal la seguridad de los paneles, tambi\u00e9n conocido como XAN-5367. Si un usuario puede crear un panel con un usuario que inicia sesi\u00f3n autom\u00e1ticamente, es posible que se divulguen datos. El control de acceso se puede omitir cuando hay un panel compartido y su usuario de inicio de sesi\u00f3n autom\u00e1tico tiene privilegios que un visitante del panel no deber\u00eda tener."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://docs.avantra.com/release-notes/24/changes.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://support.avantra.com/support/solutions/articles/44002516766-xan-5367-security-vulnerability-fix-for-dashboards",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2024-05-05T23:55:30.245075+00:00 2024-05-05 23:58:21 +00:00			`{`
			`"id": "CVE-2024-34519",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2024-05-05T22:15:07.563",`
Auto-Update: 2024-05-06T14:00:38.627103+00:00 2024-05-06 14:03:28 +00:00			`"lastModified": "2024-05-06T12:44:56.377",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-05-05T23:55:30.245075+00:00 2024-05-05 23:58:21 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has privileges that a dashboard visitor should not have."`
Auto-Update: 2024-05-12T02:00:30.069085+00:00 2024-05-12 02:03:21 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Avantra Server 24.x anterior a 24.0.7 y 24.1.x anterior a 24.1.1 maneja mal la seguridad de los paneles, tambi\u00e9n conocido como XAN-5367. Si un usuario puede crear un panel con un usuario que inicia sesi\u00f3n autom\u00e1ticamente, es posible que se divulguen datos. El control de acceso se puede omitir cuando hay un panel compartido y su usuario de inicio de sesi\u00f3n autom\u00e1tico tiene privilegios que un visitante del panel no deber\u00eda tener."`
Auto-Update: 2024-05-05T23:55:30.245075+00:00 2024-05-05 23:58:21 +00:00			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://docs.avantra.com/release-notes/24/changes.html",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://support.avantra.com/support/solutions/articles/44002516766-xan-5367-security-vulnerability-fix-for-dashboards",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`