CVE-2024-55075

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 6, 2025
CWE ID 425

Summary

CVE-2024-55075 is a vulnerability affecting Grocy, an open-source inventory management system, up to version 4.3.0. This issue enables remote attackers to access sensitive information, such as calendar and recipe details, which are not displayed in the user interface through direct requests. This bypass can potentially lead to unauthorized data disclosure, posing a significant risk to users if not addressed promptly. Grocy urges users to upgrade to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share