CVE-2024-55186
Description
An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0. The request that serves a user's inbox notification looks the message up by its notification ID without checking that the requesting user is the message's recipient, so any logged-in user can read other users' inbox messages simply by changing the notification ID in the request URL. The disclosed data is the sensitive mail details belonging to those other users; no elevated role is required beyond an ordinary authenticated account.
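The access-control pattern behind this finding, and the ownership check that closes it, shown as an added example that is not Oqtane's code. The in-memory store, the two users, the notification IDs and the handler names are constructed for the illustration; the real Oqtane endpoint, data model and fix are not reproduced here.

```python
"""Added example (not Oqtane's code): the IDOR pattern behind
CVE-2024-55186 and the ownership check that closes it.

Assumptions (not taken from the advisory): an in-memory notification
store, two constructed users, and two handler functions modelling a
GET /notification/{id} request by an authenticated caller."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Notification:
    notification_id: int
    to_user_id: int      # recipient: the only user who may read it
    subject: str
    body: str


# Constructed sample data: user 1 and user 2 each have one private message.
NOTIFICATIONS = {
    101: Notification(101, 1, "Invoice", "user 1's private invoice details"),
    102: Notification(102, 2, "Password reset", "user 2's reset link"),
}


class NotFound(Exception):
    """Raised for a missing or not-owned notification (no existence oracle)."""


def get_notification_vulnerable(current_user_id: int, notification_id: int) -> Notification:
    """Vulnerable pattern: the record is fetched by primary key only.
    The caller is authenticated (PR:L in the vector) but is never compared
    against to_user_id, so changing the id in the URL returns someone
    else's mail. current_user_id is accepted and ignored on purpose."""
    try:
        return NOTIFICATIONS[notification_id]
    except KeyError:
        raise NotFound(notification_id)


def get_notification_fixed(current_user_id: int, notification_id: int) -> Notification:
    """Hardened pattern: the lookup is scoped to the caller. A record that
    exists but belongs to another user is indistinguishable from a missing
    one, so the fix also stops enumeration of valid ids."""
    n = NOTIFICATIONS.get(notification_id)
    if n is None or n.to_user_id != current_user_id:
        raise NotFound(notification_id)
    return n


def idor_probe(handler, attacker_user_id: int, candidate_ids) -> list:
    """Walk a range of ids as the attacker and return the ids of foreign
    notifications the handler disclosed; an empty list means no IDOR."""
    leaked = []
    for nid in candidate_ids:
        try:
            n = handler(attacker_user_id, nid)
        except NotFound:
            continue
        if n.to_user_id != attacker_user_id:
            leaked.append(nid)
    return leaked


if __name__ == "__main__":
    ids = range(100, 105)
    print("vulnerable handler leaks:", idor_probe(get_notification_vulnerable, 1, ids))
    print("fixed handler leaks:     ", idor_probe(get_notification_fixed, 1, ids))
```

The probe is the same check a tester runs against a live instance with two accounts: authenticate as one user, walk the neighbouring IDs, and flag any response whose recipient is not the caller. Returning the same "not found" result for foreign and absent IDs is deliberate; a distinct 403 would tell the attacker which IDs exist.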
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.081 (an estimated 8.1% probability of exploitation activity in the next 30 days per FIRST's EPSS; the score is recomputed daily, so this value is a snapshot)
Associated Vulnerabilities
| NuGet package | Version | CVEs | OS Platform |
|---|---|---|---|
| Oqtane.Client | 6.0.0 | CVE-2024-55186 | Windows |
| Oqtane.Framework | 6.0.0 | CVE-2024-55470, CVE-2024-55471, CVE-2024-55186 | Windows |
| Oqtane.Server | 6.0.0 | CVE-2024-55470, CVE-2024-55471, CVE-2024-55186 | Windows |
| Oqtane.Shared | 6.0.0 | CVE-2024-55186 | Windows |
| Oqtane.Client for Linux | 6.0.0 | CVE-2024-55186 | Linux |
| Oqtane.Framework for Linux | 6.0.0 | CVE-2024-55470, CVE-2024-55471, CVE-2024-55186 | Linux |
| Oqtane.Server for Linux | 6.0.0 | CVE-2024-55470, CVE-2024-55471, CVE-2024-55186 | Linux |
| Oqtane.Shared for Linux | 6.0.0 | CVE-2024-55186 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2024-55186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55186