CVE-2024-9671

{"id": "CVE-2024-9671", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-10-09T15:15:17.513", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-9671", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317449", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en 3Scale. No existe un mecanismo de autenticaci\u00f3n para ver una factura en PDF de un usuario desarrollador si se conoce la URL. Cualquiera puede ver la factura si se conoce o se adivina la URL."}], "lastModified": "2024-12-04T08:15:07.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "653A5B08-0D02-4362-A8B1-D00B24C6C6F2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}