PT-2025-24348 · Mops App+1
Published: 2025-06-07 · Updated: 2025-06-13
CVE-2024-55585
CVSS v4.0: 9.0 (Critical)
Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Red
Name of the Vulnerable Software and Affected Versions
moPS App versions 1.8.618 and earlier
moPS App Engine version 1.8.618
Description
The issue allows all users to access administrative API endpoints, such as "/api/admin", without requiring additional authentication. This results in unrestricted read and write access. The problem is caused by incorrect access control.
Recommendations
For moPS App versions 1.8.618 and earlier, update to a version that properly enforces access control to administrative API endpoints.
For moPS App Engine version 1.8.618, restrict access to administrative API endpoints until a proper fix is applied.
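While access to the administrative endpoints is being restricted, access logs can be reviewed for successful requests to them from accounts that are not administrators. The following is an added example, not part of this advisory or of the vendor's code; it assumes a reverse proxy in front of the application that writes Common Log Format with the authenticated user in the user field, an assumed administrator set, and constructed sample lines.

```python
import posixpath
import re
from urllib.parse import unquote

ADMIN_PREFIX = "/api/admin"   # endpoint named in the advisory
ADMIN_USERS = {"admin"}       # assumption: accounts allowed to administer
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation address range, invented users).
SAMPLE_LOG = [
    '192.0.2.10 - admin [07/Jun/2025:10:00:00 +0000] "GET /api/admin/users HTTP/1.1" 200 512',
    '192.0.2.20 - alice [07/Jun/2025:10:01:00 +0000] "GET /api/admin/users HTTP/1.1" 200 512',
    '192.0.2.20 - alice [07/Jun/2025:10:02:00 +0000] "POST /api//Admin/%73ettings HTTP/1.1" 200 64',
    '192.0.2.30 - bob [07/Jun/2025:10:03:00 +0000] "GET /api/administrators HTTP/1.1" 200 10',
    '192.0.2.30 - bob [07/Jun/2025:10:04:00 +0000] "GET /api/admin HTTP/1.1" 403 10',
    '192.0.2.30 - bob [07/Jun/2025:10:05:00 +0000] "GET /api/items?next=/api/admin HTTP/1.1" 200 10',
]

def normalize_path(target):
    """Canonicalize a request target so percent-encoded, doubled-slash,
    dot-segment or mixed-case spellings of the prefix still match.
    Lowercasing is deliberately conservative: it may over-report."""
    path = unquote(target.split("?", 1)[0])   # drop the query string
    path = re.sub(r"/{2,}", "/", path)        # collapse repeated slashes
    return posixpath.normpath(path).lower()   # resolve "." and ".."

def find_admin_access(lines):
    """Return successful (2xx) admin-API requests made by non-admin users."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped, not guessed at
        path = normalize_path(m["target"])
        if path != ADMIN_PREFIX and not path.startswith(ADMIN_PREFIX + "/"):
            continue
        if m["user"] in ADMIN_USERS or not 200 <= int(m["status"]) < 300:
            continue
        findings.append({"user": m["user"], "host": m["host"], "path": path,
                         "write": m["method"] in WRITE_METHODS})
    return findings

if __name__ == "__main__":
    for finding in find_admin_access(SAMPLE_LOG):
        print(finding)
```

Findings with `write` set indicate state-changing requests and are the ones to review first.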
Fix
Missing Authentication
Affected Products
Mops App
Mops App Engine