CVE-2024-38447

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-38447

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38447.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-38447

Published

2024-07-17T18:15:03.990Z

Modified

2026-04-10T05:14:27.332263Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).

References

https://www.linkedin.com/pulse/idors-ncia-anet-v341-visionspace-technologies-hepxe

Affected packages

Git / github.com/nci-agency/anet

Affected ranges

Type

GIT

Repo

https://github.com/nci-agency/anet

Events

Introduced

Last affected

27e0df637e901e4a5b266a3f83b3b4e94e85a7a8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.1"
        }
    ]
}

Affected versions

0.*

0.0.14

2.*

2.0.0

2.0.0-beta1

2.0.1

2.0.1-beta1

2.0.1-beta2

2.0.1-beta3

2.0.1-beta4

2.0.1-beta5

2.0.1-beta6

2.0.1-beta7

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.2

2.0.3

2.0.3-beta1

2.0.3-beta2

2.0.4

2.0.5

2.0.7

2.0.8

2.1.0-b1

2.1.1

2.1.10

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.19

2.1.2

2.1.20

2.1.22

2.1.23

2.1.24

2.1.25

2.1.26

2.1.27

2.1.28

2.1.29

2.1.3

2.1.30

2.1.31

2.1.32

2.1.33

2.1.34

2.1.35

2.1.36

2.1.37

2.1.38

2.1.39

2.1.4

2.1.40

2.1.41

2.1.42

2.1.42-1

2.1.43

2.1.44

2.1.45

2.1.46

2.1.47

2.1.48

2.1.49

2.1.5

2.1.50

2.1.51

2.1.52

2.1.53

2.1.54

2.1.6

2.1.7

2.1.8

2.1.9

3.*

3.1.0

3.1.1

3.2.0

3.2.1

3.3.0

3.4.0

3.4.1

Other

g24eedc12

gceab9524

gef055a2c

v2.*

v2.1.41

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38447.json"