PT-2025-3193 · Unknown · Canlineapp Online

Manjyot Singh · Published 2025-01-09 · Updated 2025-07-16 · CVE-2024-56114

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Canlineapp Online version 1.1

Description
Improper authorization checks allow users with the Auditor role to create an audit template, a feature designated for the Supervisor role. Because of this broken access control, auditors can successfully create audit templates from their own accounts.

Recommendations
For Canlineapp Online version 1.1, consider restricting the create audit template function to the Supervisor role only, as a temporary workaround until a patch is available. Restrict access to the audit template creation feature for users with the Auditor role to minimize the risk of exploitation.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-56114

Affected Products

Canlineapp Online