VYPR

NuGet package

oqtane.server

pkg:nuget/oqtane.server

Vulnerabilities (3)

  • CVE-2024-55471 | Medium | Dec 20, 2024
    affected <= 6.0.0

    Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.

  • CVE-2024-55470 | High | Dec 20, 2024
    affected <= 6.0.0

    Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation

  • CVE-2024-55186 | Medium | Dec 20, 2024
    affected <= 6.0.0

    An IDOR (Insecure Direct Object Reference) vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mai