CVE-2024-4538

{"id": "CVE-2024-4538", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-07T12:15:10.030", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software", "source": "cve-coordination@incibe.es"}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data."}, {"lang": "es", "value": "Vulnerabilidad IDOR en Janto Ticketing Software que afecta a la versi\u00f3n 4.3r10. Esta vulnerabilidad podr\u00eda permitir que un usuario remoto obtenga una entrada para un evento mediante la creaci\u00f3n de una solicitud espec\u00edfica con el ID de referencia de la entrada, lo que provocar\u00eda la exposici\u00f3n de datos confidenciales del usuario."}], "lastModified": "2024-11-21T09:43:03.833", "sourceIdentifier": "cve-coordination@incibe.es"}