PT-2024-15651 · Git+2 · Anything-Llm+1

Published: 2024-02-27
Updated: 2024-02-27
CVE-2024-0551
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Software (affected versions not specified)

Description
The issue allows the database and associated exported information of the system to be exported via the default user role. An attacker would need to have been granted access to the system prior to the attack. The export endpoint sits at a lower privilege level than expected. The export process starts a download and then deletes the export from the system, which reduces the risk arising from the deterministic nature of the export name.

Recommendations
To resolve the issue, the export endpoint should be patched to require a higher privilege level. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2024-0551

Affected Products:
Anything-Llm
Mintplex-Labs/Anything-Llm