CVE-2024-52872

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-52872

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52872.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52872

Published

2024-11-17T04:15:04.047Z

Modified

2026-04-10T05:19:38.770048Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.

References

Affected packages

Git / github.com/flagsmith/flagsmith

Affected ranges

Type

GIT

Repo

https://github.com/flagsmith/flagsmith

Events

Introduced

Fixed

a3368fe44e13770132ffbaa6bfd300869d67970a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.134.1"
        }
    ]
}

Affected versions

2.*

2.9.0

flagsmith-api-v2.*

flagsmith-api-v2.67.0

flagsmith-docs-v2.*

flagsmith-docs-v2.66.2

flagsmith-frontend-v2.*

flagsmith-frontend-v2.67.1

flagsmith-frontend-v2.69.0

v1.*

v1.0.0

v1.0.1

v1.0.3

v1.1.2

v1.1.3

v1.1.5

v1.12.0

v1.3.2

v1.4.1

v1.9

v2.*

v2.1.0

v2.10.3

v2.100.0

v2.100.1

v2.101.0

v2.102.0

v2.103.0

v2.103.1

v2.103.2

v2.103.3

v2.103.4

v2.104.0

v2.104.1

v2.105.0

v2.105.1

v2.106.0

v2.107.0

v2.107.1

v2.107.2

v2.107.3

v2.107.4

v2.108.0

v2.108.1

v2.109.0

v2.11.0

v2.11.1

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.110.0

v2.110.1

v2.110.2

v2.111.0

v2.111.1

v2.112.0

v2.113.0

v2.114.0

v2.114.1

v2.115.0

v2.116.0

v2.116.1

v2.116.2

v2.116.3

v2.117.0

v2.117.1

v2.118.0

v2.118.1

v2.119.0

v2.119.1

v2.12.0

v2.120.0

v2.121.0

v2.122.0

v2.123.0

v2.123.1

v2.124.0

v2.124.1

v2.124.2

v2.125.0

v2.126.0

v2.127.0

v2.127.1

v2.128.0

v2.129.0

v2.13.0

v2.130.0

v2.131.0

v2.132.0

v2.133.0

v2.133.1

v2.134.0

v2.14.0

v2.14.2

v2.15.0

v2.16.0

v2.16.1

v2.16.2

v2.17.0

v2.18.0

v2.18.1

v2.18.2

v2.18.3

v2.18.4

v2.18.5

v2.18.6

v2.18.7

v2.19.0

v2.19.1

v2.19.2

v2.2.0

v2.20.0

v2.20.1

v2.20.2

v2.20.3

v2.20.4

v2.20.5

v2.21.0

v2.21.1

v2.21.2

v2.22.4

v2.22.5

v2.22.6

v2.23.0

v2.23.1

v2.23.2

v2.23.3

v2.23.4

v2.23.5

v2.23.6

v2.24.0

v2.24.1

v2.24.3

v2.25.0

v2.25.1

v2.26.0

v2.26.1

v2.26.2

v2.26.3

v2.26.4

v2.26.5

v2.27.0

v2.27.1

v2.27.2

v2.28.0

v2.28.1

v2.28.2

v2.28.3

v2.28.4

v2.29.0

v2.29.1

v2.29.2

v2.29.3

v2.29.4

v2.29.6

v2.29.7

v2.30.0

v2.30.1

v2.31.0

v2.32.0

v2.32.1

v2.32.2

v2.32.3

v2.32.4

v2.32.5

v2.32.6

v2.33.0

v2.34.0

v2.34.1

v2.34.2

v2.34.3

v2.35.0

v2.35.1

v2.35.2

v2.35.3

v2.35.4

v2.35.5

v2.36.0

v2.36.1

v2.36.2

v2.37.0

v2.37.1

v2.38.0

v2.38.1

v2.38.2

v2.39.0

v2.39.1

v2.39.2

v2.40.0

v2.40.1

v2.41.0

v2.42.0

v2.42.1

v2.43.0

v2.44.0

v2.44.1

v2.45.0

v2.46.0

v2.46.1

v2.47.0

v2.47.1

v2.47.2

v2.48.0

v2.48.1

v2.48.2

v2.48.3

v2.48.4

v2.48.5

v2.49.0

v2.49.1

v2.49.2

v2.49.3

v2.49.4

v2.5.0

v2.5.2

v2.5.4

v2.5.5

v2.50.0

v2.50.1

v2.50.2

v2.50.3

v2.51.0

v2.51.1

v2.51.2

v2.52.0

v2.53.0

v2.54.0

v2.55.0

v2.55.1

v2.56.0

v2.56.1

v2.57.0

v2.58.0

v2.58.1

v2.59.0

v2.59.1

v2.59.2

v2.59.3

v2.6.0

v2.61.0

v2.62.0

v2.62.1

v2.62.2

v2.62.3

v2.62.4

v2.62.5

v2.63.0

v2.63.1

v2.63.2

v2.63.3

v2.64.0

v2.64.1

v2.65.0

v2.66.0

v2.66.1

v2.66.2

v2.67.0

v2.68.0

v2.69.0

v2.69.1

v2.7.0

v2.7.2

v2.7.3

v2.7.4

v2.70.0

v2.70.1

v2.70.2

v2.71.0

v2.72.0

v2.72.1

v2.73.0

v2.73.1

v2.74.0

v2.75.0

v2.76.0

v2.77.0

v2.78.0

v2.79.0

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.80.0

v2.81.0

v2.81.1

v2.82.0

v2.83.0

v2.84.0

v2.84.1

v2.84.2

v2.85.0

v2.86.0

v2.87.0

v2.88.0

v2.89.0

v2.9.1

v2.9.2

v2.9.4

v2.90.0

v2.91.0

v2.92.0

v2.93.0

v2.94.0

v2.95.0

v2.96.0

v2.97.0

v2.97.1

v2.98.0

v2.99.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52872.json"