3 matches found
CVE-2023-49112
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...
CVE-2023-49112
Kiuwan SAST is affected by CVE-2023-49112 due to an insecure API endpoint: /saas/rest/v1/info/application, which accepts only the application name and returns information about any application. The root cause is missing access control, allowing other authenticated users to read application data w...
CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...