5 matches found
CVE-2024-25635
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
CVE-2024-25635
CVE-2024-25635 affects alf.io prior to 2.0-Mr-2402, where an IDOR flaw in the /admin/api/users/ endpoint allows organization owners to view other org owners’ API KEYs and USERS. Root cause: improper access control on user data exposure; consequence is potential leakage of API credentials and sens...
CVE-2024-25635 IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...