PT-2024-36525 · Unknown · Oqtane Framework

Parth Padhiyar · Published 2024-12-20 · Updated 2024-12-25 · CVE-2024-55470

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Oqtane Framework version 6.0.0

Description: The issue concerns Incorrect Access Control, allowing attackers to bypass passcode validation by manipulating the entityid parameter. This enables them to log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.

Recommendations: For Oqtane Framework version 6.0.0, as a temporary workaround, consider restricting the use of the entityid parameter until a patch is available. Additionally, disabling client-side authentication and implementing server-side validation can help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
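The weakness class described above, as an added illustration that is not Oqtane's code: a login-completion step that trusts a client-supplied entityid and a client-reported validation result, beside a version that binds the passcode check to a server-side pending-login record. The function names, the PENDING store and the sample users are constructed for this example.

```python
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample data standing in for the application's user store.
USERS = {1: {"name": "alice", "passcode": "482913"},
         2: {"name": "bob", "passcode": "775310"}}


def complete_login_vulnerable(request: dict) -> Optional[str]:
    """Vulnerable pattern: the server trusts the client to say which entity is
    logging in and whether the passcode step succeeded. `request` is the parsed
    body the client sent; the return value is the subject a session is issued for."""
    if not request.get("passcode_valid"):       # client-side validation result
        return None
    user = USERS.get(request.get("entityid"))   # client-chosen identity
    return user["name"] if user else None


# Hardened pattern: identity comes from a server-side record created when the
# first factor succeeded, and the passcode itself is verified on the server.
PENDING: Dict[str, int] = {}   # opaque token -> user id awaiting the passcode step


def start_login(user_id: int) -> str:
    """Called after the first factor succeeded; returns the token the client
    must present to finish the login. Nothing else about the user is sent."""
    token = secrets.token_urlsafe(32)
    PENDING[token] = user_id
    return token


def complete_login_hardened(request: dict) -> Optional[str]:
    """The token is single use: pop it so a failed passcode attempt forces the
    client back through the first factor instead of retrying against it."""
    user_id = PENDING.pop(request.get("token", ""), None)
    if user_id is None:
        return None
    expected = USERS[user_id]["passcode"]
    supplied = str(request.get("passcode", ""))
    if not hmac.compare_digest(expected, supplied):   # constant-time compare
        return None
    # Any entityid the client included is simply ignored; the server-side
    # record decides whose session is issued.
    return USERS[user_id]["name"]
```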

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

CVE-2024-55470
GHSA-995C-QWW8-64FJ

Affected Products

Oqtane Framework