CVE-2024-52528

EUVD-2024-45939
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
budgetcontrolgateway
𝑥
< 1.5.2
ADP
Common Weakness Enumeration
References
https://github.com/BudgetControl/Gateway/security/advisories/GHSA-jqx6-gm7f-vp7m