PT-2024-22255 · Bonitasoft · Bonitasoft Runtime Community Edition

Published: 2024-05-15 · Updated: 2024-09-05 · CVE-2024-28087

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Bonitasoft runtime Community edition (affected versions not specified)

Description

The Community edition of Bonitasoft runtime lacks dynamic permissions, which causes an Insecure Direct Object Reference (IDOR) issue. Dynamic permissions were previously available only in the Subscription edition; they have now been added to the Community edition, albeit without customization options.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-28087
GHSA-76V2-48W6-CRXR

Affected Products

Bonitasoft Runtime Community Edition