Description
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Affected | | |
Additional information
Status:
Moderate
Defect:
CWE-862
https://bugzilla.redhat.com/show_bug.cgi?id=2317449 System: PDF invoices of the Developer users can be seen if the URL is known
5.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.3
nvd
about 1 year ago
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
CVSS3: 5.3
github
about 1 year ago
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.