7 matches found
CVE-2024-38446
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...
CVE-2024-38446
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...
CVE-2024-38446
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...
PT-2024-28006 · Nato · Nato Nci Anet
Name of the Vulnerable Software and Affected Versions: NATO NCI ANET version 3.4.1 Description: The issue concerns mishandling of report ownership. A user can create a report and change its author to any arbitrary user without their consent or knowledge. This is achieved by modifying the UUID in ...
CVE-2024-38446
CVE-2024-38446 concerns NATO NCI ANET 3.4.1. The vulnerability allows an attacker to create a report and, by altering a UUID in a POST request, change the report author to an arbitrary user without their consent. This is a logic/authorization issue where report ownership is mishandled. Affected c...
CVE-2024-38446
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...
CVE-2024-38446
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...