CVE-2024-55471: Oqtane Framework Insecure Direct Object Reference vulnerability

December 20, 2024

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.

References

github.com/advisories/GHSA-hhcw-wwxv-g95c
github.com/oqtane/oqtane.framework
github.com/oqtane/oqtane.framework/pull/4880/files
medium.com/@Rudra_2158/cve-2024-55471-breaking-down-the-idor-vulnerability-in-oqtane-framework-c0f4b02f12fc
nvd.nist.gov/vuln/detail/CVE-2024-55471

Code Behaviors & Features

Detect and mitigate CVE-2024-55471 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →