CVE-2024-6322

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.
Configurations

No configuration.

History

21 Aug 2024, 12:30

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-20 18:15

Updated : 2024-08-21 12:30


NVD link : CVE-2024-6322

Mitre link : CVE-2024-6322

CVE.ORG link : CVE-2024-6322


JSON object : View

Products Affected

No product.

CWE
CWE-266

Incorrect Privilege Assignment