CVE-2024-50671

Published: Nov 25, 2024

Modified: Dec 4, 2024

PUBLISHED

Description

Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/adaptlearning/adapt_authoring

https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50671

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-50671

Description

Affected Products

References