CVE-2024-50633
Summary: CVE-2024-50633 describes a Broken Object Level Authorization (BOLA) in Indico through 3.3.5, where a crafted POST to /api/principals can cause attackers to read information from other user accounts. Affected scope (supported by documents): Indico in versions up to 3.3.5 (notably includin...