Home > Vulnerability Database > CVE-2024-45050

Mend.io Vulnerability Database

CVE-2024-45050

Date: September 4, 2024

Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.

Language: Python

Severity Score

7.1

Related Resources (4)

Url: https://github.com/Lif-Platforms/New-Ringer-Server/commit/ae795ff47b2ac2656ac6a099a0e7954ca7d9ba53

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45050

Url: https://github.com/Lif-Platforms/New-Ringer-Server/security/advisories/GHSA-cpc7-79cg-qv65

Url: https://www.mend.io/vulnerability-database/CVE-2024-45050

Severity Score

7.1

Weakness Type (CWE)

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45050

Date: September 4, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?