CVE-2024-34519

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-289
View all →

Vulnerability Description

Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has privileges that a dashboard visitor should not have.

Related Vulnerabilities

CVE-2023-3263

HIGH
CVSS:7.5(High)

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.S...

CWE-2892023

CVE-2023-41890

HIGH
CVSS:7.5(High)

Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer...

CWE-2892023

CVE-2024-11283

HIGH
CVSS:7.5(High)

The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a...

CWE-2892024

CVE-2023-38487

HIGH
CVSS:8.2(High)

HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The...

CWE-2892023

CVE-2023-51663

MEDIUM
CVSS:5.3(Medium)

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from...

CWE-2892023

CVE-2021-34746

CRITICAL
CVSS:9.8(Critical)

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to byp...

CWE-2892021