CVE-2024-7266

Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*
cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*
cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*

History

10 Oct 2024, 16:15

Type Values Removed Values Added
Summary (en) Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. (en) Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
CWE CWE-286

23 Aug 2024, 15:09

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de administración incorrecta de usuarios en Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP permite que un usuario que haya iniciado sesión enumere a todos los usuarios del sistema, incluidos los de otras organizaciones. Este problema afecta a EZD RP: desde la versión 15 hasta la 15.84, desde la versión 16 hasta la 16.15, desde la versión 17 hasta la 17.2.
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References () https://cert.pl/en/posts/2024/08/CVE-2023-7265/ - () https://cert.pl/en/posts/2024/08/CVE-2023-7265/ - Broken Link
References () https://cert.pl/posts/2024/08/CVE-2023-7265/ - () https://cert.pl/posts/2024/08/CVE-2023-7265/ - Broken Link
References () https://www.gov.pl/web/ezd-rp - () https://www.gov.pl/web/ezd-rp - Product
First Time Nask ezd Rp
Nask
CPE cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:*

07 Aug 2024, 15:17

Type Values Removed Values Added
Summary (en) Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. (en) Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.

07 Aug 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 11:15

Updated : 2024-10-10 16:15


NVD link : CVE-2024-7266

Mitre link : CVE-2024-7266

CVE.ORG link : CVE-2024-7266


JSON object : View

Products Affected

nask

  • ezd_rp
CWE
CWE-863

Incorrect Authorization