How severe is CVE-2024-23329?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-23329?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-23329 - LOW Severity | CVSS 3.7

Vulnerability Description

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2021-20429

LOW

CVSS:3.7(Low)

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334.

CWE-8632021

CVE-2024-43944

LOW

CVSS:3.7(Low)

Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & C...

CWE-8632024

CVE-2024-9654

LOW

CVSS:3.7(Low)

The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_em...

CWE-8632024

CVE-2025-47937

LOW

CVSS:3.7(Low)

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing...

CWE-8632025

CVE-2020-6752

LOW

CVSS:3.8(Low)

In OMERO before 5.6.1, group owners can access members' data in other groups.

CWE-8632020

CVE-2022-0333

LOW

CVSS:3.8(Low)

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any ca...

CWE-8632022