MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
References
Configurations
No configuration.
History
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jun 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-14 20:15
Updated : 2024-06-17 12:42
NVD link : CVE-2024-37889
Mitre link : CVE-2024-37889
CVE.ORG link : CVE-2024-37889
JSON object : View
Products Affected
No product.
CWE
CWE-639
Authorization Bypass Through User-Controlled Key