Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
References
Link | Resource |
---|---|
https://cert.pl/en/posts/2024/08/CVE-2023-7265/ | Broken Link |
https://cert.pl/posts/2024/08/CVE-2023-7265/ | Broken Link |
https://www.gov.pl/web/ezd-rp | Product |
Configurations
Configuration 1 (hide)
|
History
10 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | |
CWE |
23 Aug 2024, 15:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-863 | |
First Time |
Nask ezd Rp
Nask |
|
CPE | cpe:2.3:a:nask:ezd_rp:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | () https://cert.pl/en/posts/2024/08/CVE-2023-7265/ - Broken Link | |
References | () https://cert.pl/posts/2024/08/CVE-2023-7265/ - Broken Link | |
References | () https://www.gov.pl/web/ezd-rp - Product |
07 Aug 2024, 15:17
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Incorrect User Management vulnerability in Naukowa i Akademicka Sie? Komputerowa - Pa?stwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. |
07 Aug 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-07 11:15
Updated : 2024-10-10 16:15
NVD link : CVE-2024-7266
Mitre link : CVE-2024-7266
CVE.ORG link : CVE-2024-7266
JSON object : View
Products Affected
nask
- ezd_rp
CWE
CWE-863
Incorrect Authorization