Lucene search
PRIOn knowledge basePRION:CVE-2024-23329HistoryJan 19, 2024 - 8:15 p.m.
Design/Logic Flaw
2024-01-1920:15:00
PRIOn knowledge base
www.prio-n.com
3
changedetection.io
open source
website monitoring
unauthorized access
data privacy
vulnerability
upgrade
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch/<uuid>/history can be accessed by any unauthorized user. As a result any unauthorized user can check one’s watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users’ data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| changedetection | ge | 0.39.14 | |
| changedetection | lt | 0.45.13 |
Related
osv
osv
PYSEC-2024-15
2024-01-19 20:15:00
CVE-2024-23329
2024-01-19 20:15:13
changedetection.io API endpoint is not secured with API token
2024-01-23 12:50:59
github
github
changedetection.io API endpoint is not secured with API token
2024-01-23 12:50:59
veracode
veracode
Missing Authorization
2024-01-23 10:43:43
nvd
nvd
CVE-2024-23329
2024-01-19 20:15:13
cvelist
cvelist
CVE-2024-23329 changedetection.io API endpoint is not secured with API token
2024-01-19 19:49:54
cve
cve
CVE-2024-23329
2024-01-19 20:15:13