CVE-2024-51992: Orchid Platform has Method Exposure Vulnerability in Modals

November 12, 2024 (updated December 16, 2024)

This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the Screen class, leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server’s real IP address.

References

github.com/advisories/GHSA-cm46-gqf4-mv4f
github.com/orchidsoftware/platform
github.com/orchidsoftware/platform/security/advisories/GHSA-cm46-gqf4-mv4f
nvd.nist.gov/vuln/detail/CVE-2024-51992

Code Behaviors & Features

Detect and mitigate CVE-2024-51992 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →