PT-2024-34702 · Wave · Wave
Mohit Gadiya · Published 2024-11-04 · Updated 2024-11-22
CVE-2024-51559
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Wave version 2.0
Description
This issue is caused by improper or missing authorization checks on certain API endpoints. An authenticated remote attacker could exploit this by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts.
Recommendations
For Wave version 2.0, consider restricting access to vulnerable API endpoints until a patch is available. As a temporary workaround, limit the manipulation of API input parameters to prevent unauthorized access.
Fix
IDOR
Affected Products
Wave