GHSA-r6ph-5fp2-3w2v

Source

https://github.com/advisories/GHSA-r6ph-5fp2-3w2v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-r6ph-5fp2-3w2v/GHSA-r6ph-5fp2-3w2v.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-r6ph-5fp2-3w2v

Aliases

CVE-2024-44076

Published

2024-08-19T03:30:48Z

Modified

2024-11-19T05:55:47.082440Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access

Details

In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.

Database specific

{
    "nvd_published_at": "2024-08-19T03:15:03Z",
    "cwe_ids": [
        "CWE-269",
        "CWE-863"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-19T21:48:56Z"
}

References

Affected packages

Maven / io.github.microcks:microcks-app

Package

Name: io.github.microcks:microcks-app; View open source insights on deps.dev
Purl: pkg:maven/io.github.microcks/microcks-app

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.0

Affected versions

1.*

1.0.0-RC1

1.0.0

1.1.0

1.1.1

1.2.0

1.2.1

1.3.0

1.4.0

1.4.1

1.4.1-fix-1

1.4.1-fix-2

1.5.0-RC1

1.5.0-RC2

1.5.0

1.5.1-RC1

1.5.1

1.5.1-fix-1

1.5.2-RC1

1.5.2

1.6.0-RC1

1.6.0

1.6.0-fix-1

1.6.0-fix-2

1.6.1

1.7.0-RC1

1.7.0

1.7.1

1.7.1-fix-1

1.8.0

1.8.0-fix-1

1.8.1-M1

1.8.1

1.9.0

1.9.0-fix-1

1.9.0-fix-2

1.9.1

1.9.1-fix-1