exploitDog

GHSA-72c6-gcpg-6rw3

Опубликовано: 15 апр. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user

Ссылки

EPSS

Процентиль: 38%

0.00167

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2024-29839

CVSS3: 7.5

nvd

почти 2 года назад

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user

EPSS

Процентиль: 38%

0.00167

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200