Podatność CVE-2023-49112
Publikacja: 2024-06-20

Opis:
Kiuwan provides an API endpoint

/saas/rest/v1/info/application

to get information about any
application, providing only its name via the "application" parameter. This endpoint lacks proper access
control mechanisms, allowing other authenticated users to read
information about applications, even though they have not been granted
the necessary rights to do so.



This issue affects Kiuwan SAST: <master.1808.p685.q13371

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Med.
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
C. Schwarz
10.06.2024

Typ:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 Referencje:
https://r.sec-consult.com/kiuwan
https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
Copyright 2024, cxsecurity.com

 

Back to Top