PT-2024-24624 · Hamid Alinia · Idehweb
Emili Castells · Published 2024-05-17 · Updated 2024-05-17
CVE-2024-32507
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Hamid Alinia – idehweb versions 1.7.16 and earlier
Description
The issue is related to improper privilege management, allowing privilege escalation through the 'Login with phone number' feature.
Recommendations
For versions 1.7.16 and earlier, update to a version that fixes the improper privilege management issue.
As a temporary workaround, consider restricting access to the 'Login with phone number' feature until a patch is available.
Fix
Improper Privilege Management
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Idehweb