CVE-2024-25634

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-497
View all →

Vulnerability Description

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue.

Related Vulnerabilities

CVE-2021-0291

MEDIUM
CVSS:6.5(Medium)

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthen...

CWE-4972021

CVE-2022-2403

MEDIUM
CVSS:6.5(Medium)

A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to an...

CWE-4972022

CVE-2022-4968

MEDIUM
CVSS:6.5(Medium)

netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.

CWE-4972022

CVE-2023-20111

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due t...

CWE-4972023

CVE-2023-23472

MEDIUM
CVSS:6.5(Medium)

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

CWE-4972023

CVE-2023-4605

MEDIUM
CVSS:6.5(Medium)

A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information.

CWE-4972023