CVE-2024-50671

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 25, 2024
Updated: Dec 4, 2024
CWE ID 863

Summary

CVE-2024-50671 is an incorrect access control vulnerability affecting Adapt Learning Adapt Authoring Tool versions below 0.11.3. It allows authenticated users with the User role to access the email addresses of other users via the "Get users" feature. The cause is flawed permission verification logic: a wildcard character in the permitted URLs incorrectly grants access to endpoints that are restricted to Super Admin roles. Consequently, attackers can obtain the email addresses of all users within the system.
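The flaw class described above (CWE-863 through a wildcard in permitted URLs), as an added sketch that is not taken from the Adapt Authoring Tool source: every route path, role name, grant table and helper function here is a hypothetical chosen for illustration. It places a wildcard-based permission check beside a deny-by-default check that matches path segments exactly and binds the user-record grant to the caller's own id.

```javascript
// Added illustration. All routes, roles and grants below are hypothetical.

// Flawed policy: the User role gets a wildcard meant to cover "my own record".
const LOOSE_GRANTS = {
  user: [{ method: 'GET', url: '/api/course/*' }, { method: 'GET', url: '/api/user/*' }],
  superadmin: [{ method: '*', url: '/api/*' }],
};

// Hardened policy: no wildcards for low-privilege roles; ":self" must equal
// the caller's id, and the listing route is granted to superadmin only.
const STRICT_GRANTS = {
  user: [{ method: 'GET', url: '/api/course/:id' }, { method: 'GET', url: '/api/user/:self' }],
  superadmin: [{ method: '*', url: '/api/user/all' }, { method: '*', url: '/api/user/:id' }],
};

// Escape regex metacharacters except "*", which the loose matcher expands.
const escapeRe = (s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');

// Flawed matcher: "*" becomes ".*", so one grant covers every route under the
// prefix, including routes intended for a higher role.
function looseMatch(pattern, path) {
  return new RegExp('^' + escapeRe(pattern).replace(/\*/g, '.*') + '$').test(path);
}

// Strict matcher: same number of segments, literal segments compared exactly,
// ":self" bound to the caller, other ":name" placeholders must be non-empty.
function strictMatch(pattern, path, callerId) {
  const p = pattern.split('/');
  const q = path.split('/');
  if (p.length !== q.length) return false;
  return p.every((seg, i) => {
    if (seg === ':self') return q[i] === callerId;
    if (seg.startsWith(':')) return q[i].length > 0;
    return seg === q[i];
  });
}

// Deny by default: an unknown role or an unmatched route yields false.
function isAllowed(grants, match, caller, method, path) {
  return (grants[caller.role] || []).some(
    (g) => (g.method === '*' || g.method === method) && match(g.url, path, caller.id)
  );
}

const alice = { id: 'u42', role: 'user' }; // constructed sample caller
console.log('loose :', isAllowed(LOOSE_GRANTS, looseMatch, alice, 'GET', '/api/user/all'));
console.log('strict:', isAllowed(STRICT_GRANTS, strictMatch, alice, 'GET', '/api/user/all'));
```

A regression test for this class of bug enumerates every registered route and asserts, per role, that only the intended ones are reachable.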
