CVE-2024-44076: Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
(updated )
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.
References
- github.com/advisories/GHSA-r6ph-5fp2-3w2v
- github.com/microcks/microcks
- github.com/microcks/microcks/commit/4bb98d76f050710e42f5978877fe70e2f6edabf0
- github.com/microcks/microcks/commit/a47d105eb45dac5a0712d6e6bf12b3a4347e5e68
- github.com/microcks/microcks/compare/1.9.1-fix-1...1.10.0
- github.com/microcks/microcks/issues/1212
- github.com/microcks/microcks/releases/tag/1.10.0
- nvd.nist.gov/vuln/detail/CVE-2024-44076
Code Behaviors & Features
Detect and mitigate CVE-2024-44076 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →