Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:7 p.m.20 views

CVE-2024-25635

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8CVSS6.7AI score0.00716EPSS
Exploits1References1
NVD
NVD
added 2024/02/19 8:15 p.m.38 views

CVE-2024-25635

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8CVSS8.7AI score0.00716EPSS
Exploits1References1
OSV
OSV
added 2024/02/19 7:48 p.m.23 views

CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8CVSS8.5AI score0.00716EPSS
Exploits1References3
CVE
CVE
added 2024/02/19 7:48 p.m.89 views

CVE-2024-25635

CVE-2024-25635 affects alf.io prior to 2.0-Mr-2402, where an IDOR flaw in the /admin/api/users/ endpoint allows organization owners to view other org owners’ API KEYs and USERS. Root cause: improper access control on user data exposure; consequence is potential leakage of API credentials and sens...

8.8CVSS8.7AI score0.00716EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/19 7:48 p.m.16 views

CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...

8.8CVSS6.8AI score0.00716EPSS
Exploits1References1
Rows per page
Query Builder