Unauthorized Access to Sensitive Information via ACLs
CVE-2024-38787
7.5HIGH
Key Information
- Vendor
- Codection
- Status
- Import And Export Users And Customers
- Vendor
- CVE Published:
- 13 August 2024
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8.
Affected Version(s)
Import and export users and customers <= 1.26.8
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
emad (Patchstack Alliance)