3 matches found
CVE-2024-50633
A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...
CVE-2024-50633
creationtimestamp| type| source ---|---|--- 2025-01-16 17:22:54+00:00| seen| https://infosec.exchange/users/cve/statuses/113839189115908037 2025-01-16 18:15:48+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfuv6cfvxf2r 2025-01-16 20:24:56+00:00| seen|...
CVE-2024-50633
A Broken Object Level Authorization BOLA vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...