CVE-2024-24741

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.

Related Vulnerabilities

CVE-2017-1000243

MEDIUM
CVSS:4.3(Medium)

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

CWE-8622017

CVE-2017-1000388

MEDIUM
CVSS:4.3(Medium)

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modif...

CWE-8622017

CVE-2017-1000390

MEDIUM
CVSS:4.3(Medium)

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.

CWE-8622017

CVE-2017-1000400

MEDIUM
CVSS:4.3(Medium)

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current ...

CWE-8622017

CVE-2017-17693

MEDIUM
CVSS:4.3(Medium)

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

CWE-8622017

CVE-2017-2662

MEDIUM
CVSS:4.3(Medium)

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respec...

CWE-8622017