← voltar
CVE-2024-52528

Auth Token can be passed dummy or wrong the middleware response is 200 OK

CVSS 9.3 CRITICALEPSS 0.6%CWE-285
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 nov 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
BudgetControl · Gateway

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/BudgetControl/Gateway/security/advisories/GHSA-jqx6-gm7f-vp7m