The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions βVendor says that itβs not a security issue.β
[
{
"cpes": [
"cpe:2.3:a:accredible_credential.net:accredible_credential.net:december_6_2023:*:*:*:*:*:*:*"
],
"vendor": "accredible_credential.net",
"product": "accredible_credential.net",
"versions": [
{
"status": "affected",
"version": "december_6_2023"
}
],
"defaultStatus": "unknown"
}
]