CVE-2024-55470

{"id": "CVE-2024-55470", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-12-20T16:15:23.977", "references": [{"url": "https://gist.github.com/Kaushikjoshi/2d8ad350ba5e72030fcee2536498cfe4", "source": "cve@mitre.org"}, {"url": "https://github.com/oqtane/oqtane.framework/pull/4878/files", "source": "cve@mitre.org"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication."}, {"lang": "es", "value": "Oqtane Framework 6.0.0 es vulnerable a un control de acceso incorrecto. Al manipular el par\u00e1metro entityid, los atacantes pueden eludir la validaci\u00f3n de la contrase\u00f1a e iniciar sesi\u00f3n correctamente en la aplicaci\u00f3n o acceder a datos restringidos sin la autorizaci\u00f3n correspondiente. La falta de validaci\u00f3n del lado del servidor agrava el problema, ya que la aplicaci\u00f3n depende de la informaci\u00f3n del lado del cliente para la autenticaci\u00f3n."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cve@mitre.org"}