CVE-2024-22455

CVSS v3 Score: 4.6 (Medium)

Vulnerability Description

Dell Mobility - E-Lab Navigator versions 3.1.9 and 3.2.0 contain an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to the launch of phishing attacks.

CVSS: 4.5 (Medium)

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administ...

CVSS: 4.8 (Medium)

Dev blog v1.0 allows account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.

CVSS: 4.8 (Medium)

The usage of String.toLowerCase() and String.toUpperCase() has some locale-dependent exceptions that could potentially result in authorization rules not working properly.

CVSS: 4.3 (Medium)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...

CVSS: 4.3 (Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

CVSS: 4.3 (Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.