How severe is CVE-2024-6696?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-6696?

This is classified as CWE-1220, which is a common weakness in software security.

CVE-2024-6696

MEDIUM Year: 2024

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-1220

View all →

Vulnerability Description

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. (CWE-1220) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not correctly perform an authorization check in the user console trash content An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network.

CVE-2025-4979

MEDIUM

CVSS:4.9(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that ...

CWE-12202025

CVE-2023-50713

MEDIUM

CVSS:5.0(Medium)

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an appli...

CWE-12202023

CVE-2024-12619

MEDIUM

CVSS:5.2(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to intern...

CWE-12202024

CVE-2024-2412

MEDIUM

CVSS:5.3(Medium)

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registratio...

CWE-12202024

CVE-2025-1278

MEDIUM

CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restr...

CWE-12202025

CVE-2025-2408

MEDIUM

CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restri...

CWE-12202025

CVE-2024-6696

Vulnerability Description

Related Vulnerabilities

CVE-2025-4979

CVE-2023-50713

CVE-2024-12619

CVE-2024-2412

CVE-2025-1278

CVE-2025-2408