CVE-2024-55470
Description
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.038
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2024-55470, CVE-2024-55471 and CVE-2024-55186 affect NuGet package Oqtane.Framework 6.0.0 | Windows |
| CVE-2024-55470, CVE-2024-55471 and CVE-2024-55186 affect NuGet package Oqtane.Server 6.0.0 | Windows |
| CVE-2024-55470, CVE-2024-55471 and CVE-2024-55186 affect NuGet package Oqtane.Framework for Linux 6.0.0 | Linux |
| CVE-2024-55470, CVE-2024-55471 and CVE-2024-55186 affect NuGet package Oqtane.Server for Linux 6.0.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234