CVE-2024-55075
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Jan 6, 2025
CWE ID 425
Summary
CVE-2024-55075 is a vulnerability affecting Grocy, an open-source inventory management system, up to version 4.3.0. This issue enables remote attackers to access sensitive information, such as calendar and recipe details, which are not displayed in the user interface through direct requests. This bypass can potentially lead to unauthorized data disclosure, posing a significant risk to users if not addressed promptly. Grocy urges users to upgrade to the latest version to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share