How severe is CVE-2024-25635?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-25635?

This is classified as CWE-612, which is a common weakness in software security.

CVE-2024-25635 - HIGH Severity | CVSS 8.8

Vulnerability Description

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue.

Related Vulnerabilities

CVE-2022-35980

HIGH

CVSS:7.5(High)

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure v...

CWE-6122022

CVE-2022-35980

HIGH

CVSS:7.5(High)

CWE-6122022

CVE-2023-4560

MEDIUM

CVSS:6.5(Medium)

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.

CWE-6122023

CVE-2024-49071

MEDIUM

CVSS:6.5(Medium)

Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.

CWE-6122024

CVE-2022-41918

MEDIUM

CVSS:6.3(Medium)

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level sec...

CWE-6122022

CVE-2022-22565

LOW

CVSS:3.8(Low)

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerabil...

CWE-6122022