Medium severity6.5NVD Advisory· Published Dec 20, 2024· Updated Apr 15, 2026

CVE-2024-55471

Description

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Oqtane.FrameworkNuGet	<= 6.0.0	—
Oqtane.ServerNuGet	<= 6.0.0	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-hhcw-wwxv-g95cghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-55471ghsaADVISORY
github.com/oqtane/oqtane.framework/pull/4880/filesnvdWEB
medium.com/@Rudra_2158/cve-2024-55471-breaking-down-the-idor-vulnerability-in-oqtane-framework-c0f4b02f12fcnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000