Medium severity4.3NVD Advisory· Published Nov 25, 2024· Updated Apr 15, 2026
CVE-2024-50671
CVE-2024-50671
Description
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=0.11.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.