CVE-2024-52528

Auth token can be passed as a dummy or wrong value and the middleware response is 200 OK

CVSS 9.3 CRITICAL · EPSS 0.6% · CWE-285
Vexday Risk Score
28 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3 · EPSS 0.6% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
15 Nov 2024: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
BudgetControl · Gateway
