A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 04 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-538

Mon, 25 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat 3scale Api Management Platform
Weaknesses CWE-862
CPEs cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*
Vendors & Products Redhat 3scale Api Management Platform

Wed, 09 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
Description Removed: No description is available for this CVE. Added: A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
Title Removed: System: PDF invoices of the Developer users can be seen if the URL is known Added: System: pdf invoices of the developer users can be seen if the url is known
First Time appeared Redhat
Redhat red Hat 3scale Amp
CPEs cpe:/a:redhat:red_hat_3scale_amp:2
Vendors & Products Redhat
Redhat red Hat 3scale Amp
References

Wed, 09 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title System: PDF invoices of the Developer users can be seen if the URL is known
Weaknesses CWE-538
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

threat_severity

Moderate


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T21:04:35.612Z

Reserved: 2024-10-08T23:51:02.562Z

Link: CVE-2024-9671

Vulnrichment

Updated: 2024-10-09T16:25:05.944Z

NVD

Status: Modified

Published: 2024-10-09T15:15:17.513

Modified: 2024-12-04T08:15:07.357

Link: CVE-2024-9671

Redhat

Severity: Moderate

Public Date: 2024-10-08T00:00:00Z

Links: CVE-2024-9671 - Bugzilla

OpenCVE Enrichment

No data.