CVE-2024-45050

{"id": "CVE-2024-45050", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2024-09-04T16:15:07.480", "references": [{"url": "https://github.com/Lif-Platforms/New-Ringer-Server/commit/ae795ff47b2ac2656ac6a099a0e7954ca7d9ba53", "source": "security-advisories@github.com"}, {"url": "https://github.com/Lif-Platforms/New-Ringer-Server/security/advisories/GHSA-cpc7-79cg-qv65", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch."}, {"lang": "es", "value": "El servidor Ringer es el c\u00f3digo del servidor de la aplicaci\u00f3n de mensajer\u00eda Ringer. Antes de la versi\u00f3n 1.3.1, hab\u00eda un problema con la ruta de carga de mensajes en el que el servidor Ringer no verificaba que el usuario que cargaba la conversaci\u00f3n fuera realmente miembro de esa conversaci\u00f3n. Esto permit\u00eda que cualquier usuario con una cuenta Lif cargara cualquier conversaci\u00f3n entre dos usuarios sin permiso. Este problema se hab\u00eda solucionado en la versi\u00f3n 1.3.1. No se requiere ninguna acci\u00f3n por parte de los usuarios. Las plataformas Lif actualizar\u00e1n sus servidores con el parche."}], "lastModified": "2024-09-05T12:53:21.110", "sourceIdentifier": "security-advisories@github.com"}