2 matches found
Broken Access Control
Indico is vulnerable to Broken Access Control. The vulnerability is due to improper authorization logic that fails to verify the caller's privileges, allowing attackers to invoke the API and obtain profile details of other users without admin permissions...
PT-2025-29511 · Unknown +1 · Flask-Multipass +1
Name of the Vulnerable Software and Affected Versions: Indico versions 2.2 through 3.3.7
Description: Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. An endpoint used to display details of users listed in certain fields could be...