Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/b1ackc4t/14Finger/issues/12 |
History
Thu, 07 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
B1ackc4t
B1ackc4t 14finger |
|
Weaknesses | CWE-306 | |
CPEs | cpe:2.3:a:b1ackc4t:14finger:1.1:*:*:*:*:*:*:* | |
Vendors & Products |
B1ackc4t
B1ackc4t 14finger |
|
Metrics |
ssvc
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-05T00:00:00
Updated: 2024-11-07T16:02:01.518Z
Reserved: 2024-06-10T00:00:00
Link: CVE-2024-37767
Vulnrichment
Updated: 2024-08-02T03:57:39.737Z
NVD
Status : Awaiting Analysis
Published: 2024-07-05T17:15:11.533
Modified: 2024-11-07T16:35:17.313
Link: CVE-2024-37767
Redhat
No data.