CVE-2024-50633

Unknown CVSS: -

A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).

Vendor

Cern

Product

Indico

CWE

CWE-201

Yayın Tarihi

2025-01-16 18:15:24

Güncelleme

2025-09-19 18:48:08

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-201 Indico Cern 2025

Referanslar

https://github.com/cetinpy/CVE-2024-50633 https://github.com/cetinpy/CVE-2024-50633/issues/1

Benzer Kayıtlar

High

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers…

Medium

CVE-2026-28352

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers…

Medium

CVE-2026-25735

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

Medium

CVE-2026-25736

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

High

CVE-2026-25136

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

Medium

CVE-2026-25138

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…