| |
Vulnerability CVE-2023-49112
Published: 2024-06-20
| Description: |
Kiuwan provides an API endpoint
/saas/rest/v1/info/application
to get information about any
application, providing only its name via the "application" parameter. This endpoint lacks proper access
control mechanisms, allowing other authenticated users to read
information about applications, even though they have not been granted
the necessary rights to do so.
This issue affects Kiuwan SAST: <master.1808.p685.q13371 |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| C. Schwarz | 10.06.2024 |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://r.sec-consult.com/kiuwan
https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
