Lucene search

INCIBEVULNRICHMENT:CVE-2024-4537

HistoryMay 07, 2024 - 11:35 a.m.

CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software

2024-05-0711:35:25

CWE-639

INCIBE

github.com

idor

janto ticketing software

version 4.3r10

remote user

purchased ticket

download url

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:impronta:janto_ticketing_system:*:*:*:*:*:*:*:*"
    ],
    "vendor": "impronta",
    "product": "janto_ticketing_system",
    "versions": [
      {
        "status": "affected",
        "version": "4.3r10.cks"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-4537