PT-2024-28007 · NATO · NATO NCI ANET
Author: Andy Olchawa +1
Published: 2024-07-17 · Updated: 2024-08-01
CVE-2024-38447
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
NATO NCI ANET version 3.4.1
Description
The vulnerability is an Insecure Direct Object Reference (IDOR): an authenticated user who modifies the ID field in a request for a private draft report can access a private draft report that belongs to an arbitrary other user, because the application resolves the report by ID without checking that the requester is its owner.
Recommendations
For NATO NCI ANET version 3.4.1, restrict access to private draft reports to their owners to prevent unauthorized access until a fix is available. As a temporary workaround, restrict the ability to modify the ID field in requests for private draft reports.
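The check the recommendation above calls for, shown as an added illustration in Python. This is not code from NATO NCI ANET (the page does not show the product's implementation); it models the vulnerability class with a constructed in-memory report store and made-up user and report IDs. The vulnerable handler resolves a draft by the request-supplied ID alone; the hardened handler enforces object-level authorization on every fetch and answers "not found" for both missing and foreign drafts so the ID cannot be probed.

```python
"""Illustrative IDOR: fetching a private draft report by ID.

Added example, not NATO NCI ANET code. The store, IDs and handler
names are constructed for the demonstration.
"""
from dataclasses import dataclass


class NotFound(Exception):
    """Raised when the caller may not see a report for this ID (or it does not exist)."""


@dataclass(frozen=True)
class Report:
    report_id: int
    author_id: int
    state: str  # "DRAFT" (private to author) or "PUBLISHED"
    body: str


# Constructed sample data standing in for the application's report table.
REPORTS = {
    1: Report(1, 100, "DRAFT", "alice's private draft"),
    2: Report(2, 200, "DRAFT", "bob's private draft"),
    3: Report(3, 200, "PUBLISHED", "bob's published report"),
}


def get_report_vulnerable(caller_id: int, report_id: int) -> Report:
    """Vulnerable pattern: the request-supplied ID is the only thing checked.

    The caller is authenticated (PR:L in the CVSS vector), but the lookup
    never compares the report's author to the caller, so changing the ID
    in the request returns any other user's private draft.
    """
    try:
        return REPORTS[report_id]
    except KeyError:
        raise NotFound(report_id) from None


def get_report_hardened(caller_id: int, report_id: int) -> Report:
    """Hardened pattern: object-level authorization on every fetch.

    A draft is visible only to its author; published reports stay readable
    by any authenticated user. Missing and forbidden IDs get the same
    NotFound so an attacker cannot enumerate which draft IDs exist.
    """
    report = REPORTS.get(report_id)
    if report is None:
        raise NotFound(report_id)
    if report.state == "DRAFT" and report.author_id != caller_id:
        # Ownership check: this is the step the vulnerable handler lacks.
        raise NotFound(report_id)
    return report


def demo() -> dict:
    """Run both handlers as user 100 against user 200's draft (report 2)."""
    result = {}
    # Vulnerable: user 100 reads user 200's private draft by changing the ID.
    result["vuln_leaks"] = get_report_vulnerable(100, 2).body
    # Hardened: the same request is refused.
    try:
        get_report_hardened(100, 2)
        result["hardened_blocks"] = False
    except NotFound:
        result["hardened_blocks"] = True
    # Hardened: owner still sees their own draft, and published reports stay readable.
    result["own_draft_ok"] = get_report_hardened(100, 1).body
    result["published_ok"] = get_report_hardened(100, 3).body
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened check is equivalent to the workaround of not letting the ID field alone select the record: the lookup is scoped by (report ID, caller) rather than by ID only, so a modified ID cannot reach another user's draft.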
Weakness Enumeration
IDOR (Insecure Direct Object Reference)
Affected Products
NATO NCI ANET