CVE-2024-55471
Description
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.089
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2024-55470,CVE-2024-55471,CVE-2024-55186 are affected in Nuget - Oqtane.Framework 6.0.0 | Windows |
| Vulnerabilities CVE-2024-55470,CVE-2024-55471,CVE-2024-55186 are affected in Nuget - Oqtane.Server 6.0.0 | Windows |
| Vulnerabilities CVE-2024-55470,CVE-2024-55471,CVE-2024-55186 are affected in Nuget - Oqtane.Framework for Linux 6.0.0 | Linux |
| Vulnerabilities CVE-2024-55470,CVE-2024-55471,CVE-2024-55186 are affected in Nuget - Oqtane.Server for Linux 6.0.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234