Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-995c-qww8-64fj

Опубликовано: 20 дек. 2024
Источник: github
Github: Прошло ревью
CVSS4: 7.7
CVSS3: 7.5

Описание

Oqtane Framework Incorrect Access Control vulnerability

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.

Ссылки

Пакеты

Наименование

Oqtane.Framework

nuget
Затронутые версииВерсия исправления

<= 6.0.0

Отсутствует

Наименование

Oqtane.Server

nuget
Затронутые версииВерсия исправления

<= 6.0.0

Отсутствует

EPSS

Процентиль: 16%
0.0005
Низкий

7.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-55470

Дефекты

CWE-290

Связанные уязвимости

nvd логотип

CVE-2024-55470

CVSS3: 7.5
nvd
около 1 года назад

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.

EPSS

Процентиль: 16%
0.0005
Низкий

7.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-55470

Дефекты

CWE-290