PT-2024-28220 · Unknown · Codection Import/Export Users/Customers

Emad

Published

2024-08-13

Updated

2024-08-17

CVE-2024-38787

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Codection Import and export users and customers versions n/a through 1.26.8

Description The issue allows exposure of sensitive information to an unauthorized actor due to accessing functionality not properly constrained by ACLs. This affects the import and export users and customers functionality.

Recommendations For versions n/a through 1.26.8, update to a version that properly constrains functionality by ACLs to prevent unauthorized access to sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-201CWE-200

Related Identifiers

CVE-2024-38787

Affected Products

Codection Import/Export Users/Customers

PT-2024-28220 · Unknown · Codection Import/Export Users/Customers

CVE-2024-38787

Weakness Enumeration

Related Identifiers

Affected Products

References · 8