Home > Vulnerability Database > CVE-2024-23329

Mend.io Vulnerability Database

CVE-2024-23329

Good to know:

Date: January 19, 2024

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Python

Severity Score

3.7

Related Resources (4)

Url: https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23329

Url: https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f

Url: https://www.mend.io/vulnerability-database/CVE-2024-23329

Severity Score

3.7

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version changedetection.io - 0.45.13

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23329

Good to know:

Date: January 19, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?