CVE-2024-55186

Published: Dec 20, 2024

Modified: Dec 20, 2024

PUBLISHED

Description

An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/oqtane/oqtane.framework/pull/4876/files

https://gist.github.com/SmitShah1518/00de9ecc46c1a8e2b189185c9d92afb0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-55186

Description

Affected Products

References