CVE-2025-59034

Medium CVSS: 4.3

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Users should to update to Indico 3.3.8 as soon as possible. As a workaround, it is possible to restrict access to the affected API (e.g. in the webserver config).

Vendor

Cern

Product

Indico

CWE

CWE-639

Yayın Tarihi

2025-09-10 16:15:41

Güncelleme

2025-09-17 21:31:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Indico MEDIUM Cern 2025

Referanslar

https://github.com/indico/indico/releases/tag/v3.3.8 https://github.com/indico/indico/security/advisories/GHSA-4269-mcfh-cp7q

Benzer Kayıtlar

High

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers…

Medium

CVE-2026-28352

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In vers…

Medium

CVE-2026-25735

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

Medium

CVE-2026-25736

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

High

CVE-2026-25136

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…

Medium

CVE-2026-25138

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific da…