Home > Vulnerability Database > CVE-2024-55186

Mend.io Vulnerability Database

CVE-2024-55186

Date: December 19, 2024

An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users.

Language: C#

Severity Score

4.3

Related Resources (5)

Url: https://gist.github.com/SmitShah1518/00de9ecc46c1a8e2b189185c9d92afb0

Url: https://github.com/oqtane/oqtane.framework

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55186

Url: https://github.com/oqtane/oqtane.framework/pull/4876/files

Url: https://www.mend.io/vulnerability-database/CVE-2024-55186

Severity Score

4.3

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55186

Date: December 19, 2024

Language: C#

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?