CVE-2024-45050

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-45050

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45050.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45050

Aliases

GHSA-cpc7-79cg-qv65

Published

2024-09-04T15:39:50.991Z

Modified

2026-03-14T12:36:20.615588Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

Ringer Server Does Not Check Members When Loading Messages

Details

Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-862"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45050.json"
}

References

Affected packages

Git / github.com/lif-platforms/new-ringer-server

Affected ranges

Type: GIT
Repo: https://github.com/lif-platforms/new-ringer-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3ff1b2c65fe646a4d5c3cdee5edd41ef9f22adb4

Affected versions

1.*

1.2.0

1.2.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45050.json"