PT-2024-36526 · Unknown · Oqtane Framework

Published: 2024-12-20 · Updated: 2024-12-20 · CVE-2024-55471

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Oqtane Framework (affected versions not specified)

Description: The issue is an Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. The controller trusts the id parameter supplied by the caller, so a user who is not authorized to view another account can read that user's sensitive information simply by manipulating the id value.

Recommendations: As a temporary workaround, consider restricting access to Oqtane.Controllers.UserController to minimize the risk of exploitation, and avoid relying on the id parameter of the affected API endpoint until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
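As an added illustration (not code from the Oqtane project or from this advisory), the hypothetical ASP.NET Core controller below contrasts the vulnerable shape described here, where being logged in is the only check before an arbitrary id is looked up, with a version that authorizes each request against the object it names. The repository interface, DTO fields and the "Administrators" role name are assumptions for the example.

```csharp
// Added illustration, not Oqtane's code: a hypothetical ASP.NET Core controller
// showing the IDOR pattern described in the advisory and one way to close it.
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public record UserDto(int Id, string Username, string Email, string Phone);

// Assumed data-access abstraction; the real project's storage is not modelled.
public interface IUserRepository
{
    UserDto? GetUser(int id);
}

[ApiController]
[Route("api/[controller]")]
[Authorize] // any authenticated user may reach these endpoints (CVSS PR:L)
public class UserController : ControllerBase
{
    private readonly IUserRepository _users;
    public UserController(IUserRepository users) => _users = users;

    // Vulnerable shape: the id is taken straight from the URL and the only
    // check is that the caller is logged in, so /api/user/insecure/42 returns
    // user 42's record to whoever asks.
    [HttpGet("insecure/{id:int}")]
    public ActionResult<UserDto> GetInsecure(int id)
    {
        var user = _users.GetUser(id);
        return user is null ? NotFound() : Ok(user);
    }

    // Hardened shape: authorization is decided per object, not per endpoint.
    // A caller may read their own record; only administrators may read others.
    [HttpGet("{id:int}")]
    public ActionResult<UserDto> Get(int id)
    {
        if (!int.TryParse(User.FindFirstValue(ClaimTypes.NameIdentifier), out var callerId))
            return Unauthorized();

        bool isAdmin = User.IsInRole("Administrators"); // assumed role name
        if (id != callerId && !isAdmin)
            return NotFound(); // 404 rather than 403: do not confirm the id exists

        var user = _users.GetUser(id);
        return user is null ? NotFound() : Ok(user);
    }
}
```

The same object-level check belongs on every endpoint that accepts a user id (update, delete, password reset), not only on the read path.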

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-55471
GHSA-HHCW-WWXV-G95C

Affected Products

Oqtane Framework