CVE-2024-52528 Vulnerability Details

  /     /     /  

CVE-2024-52528 Metadata Quick Info

CVE Published: 15/11/2024 | CVE Updated: 15/11/2024 | CVE Year: 2024
Source: GitHub_M | Vendor: BudgetControl | Product: Gateway
Status : PUBLISHED

CVE-2024-52528 Description

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-285
CWE Name: CWE-285: Improper Authorization
Source: BudgetControl

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: