CVE-2024-27113
11.09.2024, 14:15
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.Enginsight
| Vendor | Product | Version |
|---|---|---|
| soplanning | soplanning | 𝑥 < 1.52.02 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-639 - Authorization Bypass Through User-Controlled KeyThe system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
References