GHSA-hhcw-wwxv-g95c

Source
https://github.com/advisories/GHSA-hhcw-wwxv-g95c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-hhcw-wwxv-g95c/GHSA-hhcw-wwxv-g95c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hhcw-wwxv-g95c
Aliases
  • CVE-2024-55471
Published
2024-12-20T18:31:32Z
Modified
2024-12-20T19:59:35.706915Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Oqtane Framework Insecure Direct Object Reference vulnerability
Details

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.

Database specific
{
    "nvd_published_at": "2024-12-20T16:15:24Z",
    "cwe_ids": [
        "CWE-639"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-20T19:42:16Z"
}
References

Affected packages

NuGet / Oqtane.Framework

Package

Name
Oqtane.Framework
Purl
pkg:nuget/Oqtane.Framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
6.0.0

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4

2.*

2.0.0
2.0.1
2.0.2
2.1.0
2.2.0
2.3.0
2.3.1

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.3.0
3.3.1
3.4.0
3.4.1
3.4.2
3.4.3

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6

5.*

5.0.0
5.0.1
5.0.2
5.1.0
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4

6.*

6.0.0

NuGet / Oqtane.Server

Package

Name
Oqtane.Server
Purl
pkg:nuget/Oqtane.Server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
6.0.0

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4

2.*

2.0.0
2.0.1
2.0.2
2.1.0
2.2.0
2.3.0
2.3.1

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.3.0
3.3.1
3.4.0
3.4.1
3.4.2
3.4.3

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6

5.*

5.0.0
5.0.1
5.0.2
5.1.0
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4

6.*

6.0.0