How severe is CVE-2024-11146?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-11146?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2024-11146 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08.

Related Vulnerabilities

CVE-2017-0882

MEDIUM

CVSS:6.3(Medium)

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on Marc...

CWE-6392017

CVE-2021-3852

MEDIUM

CVSS:6.3(Medium)

growi is vulnerable to Authorization Bypass Through User-Controlled Key

CWE-6392021

CVE-2022-23173

MEDIUM

CVSS:6.3(Medium)

this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the funct...

CWE-6392022

CVE-2023-1463

MEDIUM

CVSS:6.3(Medium)

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

CWE-6392023

CVE-2024-33373

MEDIUM

CVSS:6.3(Medium)

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to a...

CWE-6392024

CVE-2024-52511

MEDIUM

CVSS:6.3(Medium)

Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no acc...

CWE-6392024