Common Weakness Enumeration

CWE-639

Allowed

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

3226 vulnerabilities reference this CWE, most recent first.

CVE-2024-4538 (GCVE-0-2024-4538)

Vulnerability from cvelistv5 – Published: 2024-05-07 11:35 – Updated: 2024-08-01 20:40
VLAI
Title
IDOR vulnerability in Janto Ticketing Software
Summary
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
Impronta Janto Ticketing Software Affected: 4.3r10.cks
Create a notification for this product.
impronta janto_ticketing_system Affected: 4.3r10
    cpe:2.3:a:impronta:janto_ticketing_system:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-05-06 10:00
Credits
Alejandro Amorín Niño
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:impronta:janto_ticketing_system:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "janto_ticketing_system",
            "vendor": "impronta",
            "versions": [
              {
                "status": "affected",
                "version": "4.3r10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T17:25:50.417319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:30.333Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:47.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Janto Ticketing Software",
          "vendor": "Impronta",
          "versions": [
            {
              "status": "affected",
              "version": "4.3r10.cks"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alejandro Amor\u00edn Ni\u00f1o"
        }
      ],
      "datePublic": "2024-05-06T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user\u0027s event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data."
            }
          ],
          "value": "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user\u0027s event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T11:35:47.621Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerabilities were fixed by the Impronta team in version 10.cks, released in November 2022. Following INCIBE\u0027s notification of the vulnerability, Impronta has again conducted a thorough review of the service and re-analysed the possible weaknesses of the validation process in the service call, including additional measures in version R11."
            }
          ],
          "value": "The vulnerabilities were fixed by the Impronta team in version 10.cks, released in November 2022. Following INCIBE\u0027s notification of the vulnerability, Impronta has again conducted a thorough review of the service and re-analysed the possible weaknesses of the validation process in the service call, including additional measures in version R11."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "IDOR vulnerability in Janto Ticketing Software",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2024-4538",
    "datePublished": "2024-05-07T11:35:47.621Z",
    "dateReserved": "2024-05-06T09:57:42.029Z",
    "dateUpdated": "2024-08-01T20:40:47.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4537 (GCVE-0-2024-4537)

Vulnerability from cvelistv5 – Published: 2024-05-07 11:35 – Updated: 2024-08-01 20:40
VLAI
Title
IDOR vulnerability in Janto Ticketing Software
Summary
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
Impronta Janto Ticketing Software Affected: 4.3r10.cks
Create a notification for this product.
impronta janto_ticketing_system Affected: 4.3r10.cks
    cpe:2.3:a:impronta:janto_ticketing_system:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-05-06 10:00
Credits
Alejandro Amorín Niño
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:impronta:janto_ticketing_system:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "janto_ticketing_system",
            "vendor": "impronta",
            "versions": [
              {
                "status": "affected",
                "version": "4.3r10.cks"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T13:47:07.891647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:20.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:47.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Janto Ticketing Software",
          "vendor": "Impronta",
          "versions": [
            {
              "status": "affected",
              "version": "4.3r10.cks"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alejandro Amor\u00edn Ni\u00f1o"
        }
      ],
      "datePublic": "2024-05-06T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket."
            }
          ],
          "value": "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T11:35:25.418Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerabilities were fixed by the Impronta team in version 10.cks, released in November 2022. Following INCIBE\u0027s notification of the vulnerability, Impronta has again conducted a thorough review of the service and re-analysed the possible weaknesses of the validation process in the service call, including additional measures in version R11."
            }
          ],
          "value": "The vulnerabilities were fixed by the Impronta team in version 10.cks, released in November 2022. Following INCIBE\u0027s notification of the vulnerability, Impronta has again conducted a thorough review of the service and re-analysed the possible weaknesses of the validation process in the service call, including additional measures in version R11."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "IDOR vulnerability in Janto Ticketing Software",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2024-4537",
    "datePublished": "2024-05-07T11:35:25.418Z",
    "dateReserved": "2024-05-06T09:57:41.048Z",
    "dateUpdated": "2024-08-01T20:40:47.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4464 (GCVE-0-2024-4464)

Vulnerability from cvelistv5 – Published: 2024-12-18 06:00 – Updated: 2024-12-18 16:21
VLAI
Summary
Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Synology Media Server Affected: * , < 2.0.5-3152 (semver)
Affected: * , < 2.2.0-3325 (semver)
Affected: * , < 1.4-2680 (semver)
Create a notification for this product.
Credits
TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T16:20:42.910355Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T16:21:15.401Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Media Server",
          "vendor": "Synology",
          "versions": [
            {
              "lessThan": "2.0.5-3152",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            },
            {
              "lessThan": "2.2.0-3325",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            },
            {
              "lessThan": "1.4-2680",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T06:00:18.463Z",
        "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "shortName": "synology"
      },
      "references": [
        {
          "name": "Synology-SA-24:28 Media Server",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_28"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
    "assignerShortName": "synology",
    "cveId": "CVE-2024-4464",
    "datePublished": "2024-12-18T06:00:18.463Z",
    "dateReserved": "2024-05-03T08:17:45.842Z",
    "dateUpdated": "2024-12-18T16:21:15.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4341 (GCVE-0-2024-4341)

Vulnerability from cvelistv5 – Published: 2024-07-08 13:46 – Updated: 2026-06-03 14:07
VLAI
Title
IDOR in ExtremePacs's Extreme XDS
Summary
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
  • CWE-862 - Missing Authorization
Assigner
References
Impacted products
Vendor Product Version
ExtremePacs Extreme XDS Affected: 0 , < 3928 (custom)
Create a notification for this product.
extremepacs extreme_xds Affected: 0 , < 3928 (custom)
    cpe:2.3:a:extremepacs:extreme_xds:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Mustafa Anıl YILDIRIM
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:extremepacs:extreme_xds:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "extreme_xds",
            "vendor": "extremepacs",
            "versions": [
              {
                "lessThan": "3928",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T17:52:50.297417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T17:53:48.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:40:46.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usom.gov.tr/bildirim/tr-24-0893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Extreme XDS",
          "vendor": "ExtremePacs",
          "versions": [
            {
              "lessThan": "3928",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mustafa An\u0131l YILDIRIM"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.\u003cp\u003eThis issue affects Extreme XDS: before 3928.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.\n\nThis issue affects Extreme XDS: before 3928."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-569",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-569 Collect Data as Provided by Users"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T14:07:36.014Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-0893"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-0893"
        }
      ],
      "source": {
        "advisory": "TR-24-0893",
        "defect": [
          "TR-24-0893"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "IDOR in ExtremePacs\u0027s Extreme XDS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-4341",
    "datePublished": "2024-07-08T13:46:12.791Z",
    "dateReserved": "2024-04-30T11:46:14.316Z",
    "dateUpdated": "2026-06-03T14:07:36.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4279 (GCVE-0-2024-4279)

Vulnerability from cvelistv5 – Published: 2024-05-16 05:33 – Updated: 2026-04-08 16:49
VLAI
Title
Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
Summary
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
themeum Tutor LMS – eLearning and online course solution Affected: 0 , ≤ 2.7.0 (semver)
Create a notification for this product.
themeum tutor_lms Affected: 0 , ≤ 2.7.0 (custom)
    cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
Thanh Nam Tran
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tutor_lms",
            "vendor": "themeum",
            "versions": [
              {
                "lessThanOrEqual": "2.7.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4279",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-16T16:03:02.435431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T19:47:56.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:53.164Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45d04643-e43a-4732-91bf-e4af7b622e33?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course_List.php#L357"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3086489/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Tutor LMS \u2013 eLearning and online course solution",
          "vendor": "themeum",
          "versions": [
            {
              "lessThanOrEqual": "2.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanh Nam Tran"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the \u0027tutor_course_delete\u0027 function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:49:39.902Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45d04643-e43a-4732-91bf-e4af7b622e33?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course_List.php#L357"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3086489/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-15T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Tutor LMS \u2013 eLearning and online course solution \u003c= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-4279",
    "datePublished": "2024-05-16T05:33:25.813Z",
    "dateReserved": "2024-04-26T21:54:28.341Z",
    "dateUpdated": "2026-04-08T16:49:39.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4274 (GCVE-0-2024-4274)

Vulnerability from cvelistv5 – Published: 2024-06-04 05:32 – Updated: 2026-04-08 17:02
VLAI
Title
Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion
Summary
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
g5theme Essential Real Estate Affected: 0 , ≤ 4.4.4 (semver)
Create a notification for this product.
Credits
Lucio Sá
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T15:02:26.757138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:25.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:53.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc41eb7-5c9a-4a67-902d-9a855840668b?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/essential-real-estate/trunk/public/partials/property/class-ere-property.php#L28"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Essential Real Estate",
          "vendor": "g5theme",
          "versions": [
            {
              "lessThanOrEqual": "4.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lucio S\u00e1"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:02:57.489Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc41eb7-5c9a-4a67-902d-9a855840668b?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/essential-real-estate/trunk/public/partials/property/class-ere-property.php#L28"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3110238%40essential-real-estate\u0026new=3110238%40essential-real-estate\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3106467%40essential-real-estate\u0026new=3106467%40essential-real-estate\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-03T16:39:54.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Essential Real Estate \u003c= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-4274",
    "datePublished": "2024-06-04T05:32:15.727Z",
    "dateReserved": "2024-04-26T19:48:45.348Z",
    "dateUpdated": "2026-04-08T17:02:57.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4154 (GCVE-0-2024-4154)

Vulnerability from cvelistv5 – Published: 2024-05-21 17:57 – Updated: 2025-01-31 11:05
VLAI
Title
Incorrect Synchronization in lunary-ai/lunary
Summary
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
lunary-ai lunary-ai/lunary Affected: unspecified , < 1.2.26 (custom)
Create a notification for this product.
lunary-ai lunary Affected: 1.2.2
    cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lunary",
            "vendor": "lunary-ai",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4154",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T18:30:28.034562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:55:31.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:52.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/e56509af-f7af-4e1e-a04b-9cb53545f30f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lunary-ai/lunary",
          "vendor": "lunary-ai",
          "versions": [
            {
              "lessThan": "1.2.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project\u0027s endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-31T11:05:21.786Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/e56509af-f7af-4e1e-a04b-9cb53545f30f"
        },
        {
          "url": "https://github.com/lunary-ai/lunary/commit/c43b6c62035f32ca455f66d5fd22ba661648cde7"
        }
      ],
      "source": {
        "advisory": "e56509af-f7af-4e1e-a04b-9cb53545f30f",
        "discovery": "EXTERNAL"
      },
      "title": "Incorrect Synchronization in lunary-ai/lunary"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-4154",
    "datePublished": "2024-05-21T17:57:28.152Z",
    "dateReserved": "2024-04-24T22:18:07.203Z",
    "dateUpdated": "2025-01-31T11:05:21.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4151 (GCVE-0-2024-4151)

Vulnerability from cvelistv5 – Published: 2024-05-20 14:14 – Updated: 2025-01-31 11:05
VLAI
Title
Improper Access Control in lunary-ai/lunary
Summary
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
lunary-ai lunary-ai/lunary Affected: unspecified , < 1.2.25 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T16:51:24.858142Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:09.488Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:52.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/4acfef85-dedf-43bd-8438-0d8aaa4ffa01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lunary-ai/lunary",
          "vendor": "lunary-ai",
          "versions": [
            {
              "lessThan": "1.2.25",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-31T11:05:21.243Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/4acfef85-dedf-43bd-8438-0d8aaa4ffa01"
        },
        {
          "url": "https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf"
        }
      ],
      "source": {
        "advisory": "4acfef85-dedf-43bd-8438-0d8aaa4ffa01",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Access Control in lunary-ai/lunary"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-4151",
    "datePublished": "2024-05-20T14:14:53.399Z",
    "dateReserved": "2024-04-24T21:48:24.330Z",
    "dateUpdated": "2025-01-31T11:05:21.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3306 (GCVE-0-2024-3306)

Vulnerability from cvelistv5 – Published: 2024-09-12 13:06 – Updated: 2026-06-03 14:14
VLAI
Title
IDOR in Utarit Information's SoliClub
Summary
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Utarit Information SoliClub Affected: 0 , < 4.4.0 (custom)
Affected: 0 , < 5.2.1 (custom)
Create a notification for this product.
utarit soliclub Affected: 0 , < 4.4.0 (custom)
Affected: 0 , < 5.2.1 (custom)
    cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Mustafa Anıl YILDIRIM
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "soliclub",
            "vendor": "utarit",
            "versions": [
              {
                "lessThan": "4.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3306",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T19:09:09.452416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T19:10:03.125Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SoliClub",
          "vendor": "Utarit Information",
          "versions": [
            {
              "lessThan": "4.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mustafa An\u0131l YILDIRIM"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T14:14:38.955Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1457"
        }
      ],
      "source": {
        "advisory": "TR-24-1457",
        "defect": [
          "TR-24-1457"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "IDOR in Utarit Information\u0027s SoliClub",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-3306",
    "datePublished": "2024-09-12T13:06:12.188Z",
    "dateReserved": "2024-04-04T12:00:34.676Z",
    "dateUpdated": "2026-06-03T14:14:38.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-3305 (GCVE-0-2024-3305)

Vulnerability from cvelistv5 – Published: 2024-09-12 13:03 – Updated: 2026-06-03 14:15
VLAI
Title
IDOR in Utarit Information's SoliClub
Summary
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
  • CWE-862 - Missing Authorization
Assigner
References
Impacted products
Vendor Product Version
Utarit Information SoliClub Affected: 0 , < 4.4.0 (custom)
Affected: 0 , < 5.2.1 (custom)
Create a notification for this product.
utarit soliclub Affected: 0 , < 4.4.0 (custom)
Affected: 0 , < 5.2.1 (custom)
    cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Mustafa Anıl YILDIRIM
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:utarit:soliclub:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "soliclub",
            "vendor": "utarit",
            "versions": [
              {
                "lessThan": "4.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T18:45:06.544243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T18:48:41.376Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SoliClub",
          "vendor": "Utarit Information",
          "versions": [
            {
              "lessThan": "4.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mustafa An\u0131l YILDIRIM"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\u003cp\u003e\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.\n\n\u003c/p\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.\n\n\nThis issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T14:15:45.924Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1457"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1457"
        }
      ],
      "source": {
        "advisory": "TR-24-1457",
        "defect": [
          "TR-24-1457"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "IDOR in Utarit Information\u0027s SoliClub",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-3305",
    "datePublished": "2024-09-12T13:03:13.863Z",
    "dateReserved": "2024-04-04T11:53:42.686Z",
    "dateUpdated": "2026-06-03T14:15:45.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.

Mitigation
Architecture and Design Implementation

Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.

Mitigation
Architecture and Design

Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.

No CAPEC attack patterns related to this CWE.