CVE-2024-10363

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.

Related Vulnerabilities

CVE-2013-6739

MEDIUM
CVSS:5.4(Medium)

IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855.

CWE-2842013

CVE-2015-5017

MEDIUM
CVSS:5.4(Medium)

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 ...

CWE-2842015

CVE-2016-0342

MEDIUM
CVSS:5.4(Medium)

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant o...

CWE-2842016

CVE-2016-10223

MEDIUM
CVSS:5.4(Medium)

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashb...

CWE-2842016

CVE-2016-2100

MEDIUM
CVSS:5.4(Medium)

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permissio...

CWE-2842016

CVE-2016-5502

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect...

CWE-2842016