Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:48186
HistoryJul 23, 2024 - 6:55 a.m.

Insecure Direct Object Reference (IDOR)

2024-07-2306:55:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
idor
github
sftpgo
vulnerability
security measures
jwt
nonces
expiration
invalidation
attacker
url parameters

AI Score

6.7

Confidence

High

EPSS

0

Percentile

9.6%

JSON

github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the lack of proper security measures such as JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. The vulnerability allows an attacker with a valid intercepted token to access other users’ files and directories by manipulating URL parameters.

Related

vulnrichment 1
osv 2
cve 1
nvd 1
cvelist 1
github 1
vulnrichment
vulnrichment
CVE-2024-40430
2024-07-22 00:00:00
osv
osv
SFTPGo's JWT implmentation lacks certain security measures
2024-07-22 09:31:55
CVE-2024-40430
2024-07-22 07:15:02
cve
cve
CVE-2024-40430
2024-07-22 07:15:02
nvd
nvd
CVE-2024-40430
2024-07-22 07:15:02
cvelist
cvelist
CVE-2024-40430
2024-07-22 00:00:00
github
github
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
2024-07-22 09:31:55

AI Score

6.7

Confidence

High

EPSS

0

Percentile

9.6%

JSON
Related for VERACODE:48186
vulnrichment1osv2cve1nvd1cvelist1github1