PT-2024-27738 · 14Finger · 14Finger
K3Ppf0R · Published 2024-07-05 · Updated 2025-07-01
CVE-2024-37767
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
14Finger version 1.1
Description
Insecure permissions in the "/api/admin/user" component allow attackers to access all user information via a crafted GET request.
Recommendations
For 14Finger version 1.1, consider restricting access to the "/api/admin/user" endpoint until a patch is available. As a temporary workaround, limit the information that can be retrieved via GET requests to this endpoint to minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
Affected Products
14Finger