PT-2025-1626 · Unknown · Truefiling

Alison Breacher · Published 2025-01-17 · Updated 2025-01-17 · CVE-2024-11146

CVSS v3.1: 6.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: TrueFiling versions prior to 3.1.112.19
Description: TrueFiling is a collaborative, web-based electronic filing system in which attorneys, paralegals, court reporters, and self-represented filers collect public legal documentation into cases. The application trusted client-controlled identifiers passed in URL requests when retrieving information, without checking that the authenticated user was authorized for the object those identifiers referenced. Because every user of the platform self-registers for an account, any authenticated user could manipulate those identifiers to gain partial access to case information and to partially change which users have access to case information.
Recommendations: For versions prior to 3.1.112.19, update to version 3.1.112.19 or later to address the vulnerability. As a temporary workaround, consider restricting access to sensitive case information until the update is applied. The underlying weakness is a missing server-side authorization check (IDOR): every request that references a case or user by identifier should be validated against the authenticated user's permissions on the server rather than trusting the identifier the client supplies.
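The following is an added, constructed illustration of the flaw class described above and of the server-side check the recommendation calls for. It is not TrueFiling code: the advisory does not disclose the affected endpoints or identifiers, so the handlers, route comments, case ids and user names here are invented. Both operations the description mentions (reading case information and changing who may access a case) are shown once trusting the identifier from the URL and once with an authorization check.

```python
"""Constructed illustration of an IDOR in a case-filing style application.

Not TrueFiling code: handlers, identifiers and data are invented so that the
vulnerable pattern and the hardened pattern can be compared side by side.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the authenticated user is not authorized for the referenced object."""


@dataclass
class Case:
    case_id: int
    title: str
    members: set = field(default_factory=set)  # user names allowed on this case


def make_cases() -> dict:
    """Constructed sample data: two self-registered users, each on one case."""
    return {
        101: Case(101, "Smith v. Jones", {"alice"}),
        102: Case(102, "Doe v. Acme Corp", {"bob"}),
    }


def _render(case: Case) -> dict:
    return {"case_id": case.case_id, "title": case.title, "members": sorted(case.members)}


# --- retrieving case information (hypothetical route: GET /cases/<case_id>) ---

def get_case_vulnerable(cases: dict, user: str, case_id: int) -> dict:
    """Authentication only: any logged-in user who guesses a case id can read it."""
    return _render(cases[case_id])


def get_case_secure(cases: dict, user: str, case_id: int) -> dict:
    """Authorization enforced server-side: the case must list the requester as a member.

    Unknown and unauthorized ids get the same answer so the endpoint cannot be
    used to enumerate which identifiers exist.
    """
    case = cases.get(case_id)
    if case is None or user not in case.members:
        raise Forbidden(f"{user} may not view case {case_id}")
    return _render(case)


# --- changing user access (hypothetical route: POST /cases/<case_id>/members) ---

def grant_access_vulnerable(cases: dict, user: str, case_id: int, grantee: str) -> set:
    """Trusts the case id in the request: any user can add anyone, themselves included, to any case."""
    cases[case_id].members.add(grantee)
    return set(cases[case_id].members)


def grant_access_secure(cases: dict, user: str, case_id: int, grantee: str) -> set:
    """Only an existing member of the case may change its membership."""
    case = cases.get(case_id)
    if case is None or user not in case.members:
        raise Forbidden(f"{user} may not change access to case {case_id}")
    case.members.add(grantee)
    return set(case.members)


def attempt(handler, *args):
    """Run a handler and return 'denied' instead of raising, for easy comparison."""
    try:
        return handler(*args)
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    # "mallory" has self-registered and is authenticated, but belongs to no case.
    cases = make_cases()
    print("vulnerable read :", attempt(get_case_vulnerable, cases, "mallory", 102))
    print("secure read     :", attempt(get_case_secure, cases, "mallory", 102))
    print("vulnerable grant:", attempt(grant_access_vulnerable, cases, "mallory", 101, "mallory"))
    cases = make_cases()
    print("secure grant    :", attempt(grant_access_secure, cases, "mallory", 101, "mallory"))
```

The membership-change handler is the one to watch: once an attacker can add themselves to a case through an unchecked identifier, the "partial" read access the advisory describes becomes ordinary member access, which is why both read and write paths need the same ownership check.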

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-11146

Affected Products

Truefiling