Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1yNnBoLTVmcDItM3cyds4AA-xK

Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access

In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.

Permalink: https://github.com/advisories/GHSA-r6ph-5fp2-3w2v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNnBoLTVmcDItM3cyds4AA-xK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 9 days ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-r6ph-5fp2-3w2v, CVE-2024-44076
References:

• https://nvd.nist.gov/vuln/detail/CVE-2024-44076
• https://github.com/microcks/microcks/issues/1212
• https://github.com/microcks/microcks/compare/1.9.1-fix-1...1.10.0
• https://github.com/microcks/microcks/commit/4bb98d76f050710e42f5978877fe70e2f6edabf0
• https://github.com/microcks/microcks/commit/a47d105eb45dac5a0712d6e6bf12b3a4347e5e68
• https://github.com/microcks/microcks/releases/tag/1.10.0
• https://github.com/advisories/GHSA-r6ph-5fp2-3w2v

Repository: https://github.com/microcks/microcks
Blast Radius: 0.0

Affected Packages