CVE-2024-9671

Опубликовано: 09 окт. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

Ссылки

https://access.redhat.com/security/cve/CVE-2024-9671
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2317449
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.0026

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

CVE-2024-9671

CVSS3: 5.3

redhat

около 1 года назад

A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

GHSA-5x39-cc3p-mj36

CVSS3: 5.3

github

около 1 года назад

A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

EPSS

Процентиль: 49%

0.0026

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862