CVE-2024-50967

CVSS 6.5 MEDIUMEPSS 1.6%CWE-862

Vexday Risk Score

28Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.5EPSS 1.6%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

17 Jan 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://datagerry.readthedocs.io/en/latest/api/rest/user-management.html#rights https://github.com/0xByteHunter/CVE-2024-50967 https://medium.com/@0xbytehunter/my-first-cve-discovery-of-broken-access-control-in-the-datagerry-platform-7b0404f88a43