CVE-2024-25635 | alf.io prior 2.0-M4-2402 API Endpoint /admin/api/users/ unknown vulnerability (GHSA-ffr5-g3qg-gp4f)

Inserito da Angelo Barbosa | Feb 20, 2024 | CVE

A vulnerability was found in alf.io. It has been rated as critical. This issue affects some unknown processing of the file /admin/api/users/ of the component API Endpoint. The manipulation leads to improper authorization of index containing sensitive information.

The identification of this vulnerability is CVE-2024-25635. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-25635 | alf.io prior 2.0-M4-2402 API Endpoint /admin/api/users/ unknown vulnerability (GHSA-ffr5-g3qg-gp4f)

Post correlati

CVE-2024-30415 | Huawei HarmonyOS/EMUI Window Management Module permission

CVE-2023-51835 | TRENDnet TEW-822DRE 1.03B02 /boafrm/formSystemCheck ipv4_ping Local Privilege Escalation

CVE-2023-52468 | Linux Kernel up to 6.6.13/6.7.1 Kasan class_register use after free (b57196a5ec5e/0f1486dafca3/93ec4a3b7640)

CVE-2024-25552 | W&T Com-Umlenkung PnP/Com-Umlenkung Legacy/OPC-Server Executable File unquoted search path (VDE-2024-018)