CVE-2024-39319 Vulnerability Details

  /     /     /  

CVE-2024-39319 Metadata Quick Info

CVE Published: 26/09/2024 | CVE Updated: 26/09/2024 | CVE Year: 2024
Source: GitHub_M | Vendor: aimeos | Product: ai-controller-frontend
Status : PUBLISHED

---

CVE-2024-39319 Description

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-639
CWE Name: CWE-639: Authorization Bypass Through User-Controlled Key
Source: aimeos

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).