Authorization Bypass Through User-Controlled Key... · CVE-2024-3306 · GitHub Advisory Database · GitHub

Authorization Bypass Through User-Controlled Key...

High severity Unreviewed Published Sep 12, 2024 to the GitHub Advisory Database • Updated Sep 19, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

References

Published by the National Vulnerability Database

Sep 12, 2024

Published to the GitHub Advisory Database Sep 12, 2024

Last updated Sep 19, 2024

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity Low

Availability None

Subsequent System Impact Metrics

Confidentiality Low

Integrity Low

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X