CVE-2022-30354

Name of the Vulnerable Software and Affected Versions OvalEdge versions 5.2.8.0 and earlier

Description The issue allows for Sensitive Data Exposure through a GET request to "/user/getUserWithTeam". This requires authentication and discloses information associated with all registered user ID numbers.

Recommendations For OvalEdge versions 5.2.8.0 and earlier, as a temporary workaround, consider restricting access to the "/user/getUserWithTeam" endpoint until a patch is available. Additionally, review authentication mechanisms to ensure they are secure and limit exposure of sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.