CVE-2024-25983

Summary

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

Affected Software

VendorProductVersion RangeStatus
4.3.0 < 4.3.3affected
4.2.0 < 4.2.6affected
0 < 4.1.9affected

Weaknesses

  • CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References