How severe is CVE-2024-5891?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2024-5891?

This is classified as CWE-1390, which is a common weakness in software security.

CVE-2024-5891 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to.

Related Vulnerabilities

CVE-2023-41900

MEDIUM

CVSS:4.3(Medium)

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nest...

CWE-13902023

CVE-2025-0605

MEDIUM

CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass tw...

CWE-13902025

CVE-2023-41862

MEDIUM

CVSS:5.3(Medium)

Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse.This issue affects VS Contact Form: from n/a through 14.0.

CWE-13902023

CVE-2024-47127

MEDIUM

CVSS:3.1(Low)

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vul...

CWE-13902024

CVE-2022-43400

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Act...

CWE-13902022

CVE-2024-13239

CRITICAL

CVSS:9.8(Critical)

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

CWE-13902024