
CVE-2024-50633

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00769/1

CVE-2024-50633 affects Indico through 3.3.5 and potentially allows unauthorized information access. This Broken Object Level Authorization (BOLA) vulnerability could let attackers read information via crafted POST requests to /api/principals. The supplier disputes this classification, but the risk is still worth understanding. With an SVRS of 30, the immediate threat is moderate and warrants monitoring despite the CVSS score of 0. Attackers could potentially use this to gather sensitive user data, although the vendor states that this behavior is by design. This matters because even intentionally exposed data can be misused if it is not properly secured or if it violates privacy expectations. Organizations using Indico should review access controls and data-exposure policies, and monitor logs for unusual activity targeting the /api/principals endpoint.

In The Wild
2025-01-16

2025-02-18
SOCRadar AI Insight

Description

CVE-2024-50633 is a vulnerability with a currently unknown description. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) stands at 30, indicating a moderate risk level. This moderate risk is amplified by the "In The Wild" tag, signifying that this vulnerability is actively being exploited by hackers.

Key Insights

  • Limited Information: The lack of a description for CVE-2024-50633 poses a challenge in understanding its exact nature and potential impact.
  • Active Exploitation: The "In The Wild" tag signals that attackers are actively exploiting this vulnerability, making immediate action crucial.
  • Moderate SVRS: Despite the low CVSS score, the SVRS of 30 indicates a moderate risk level, highlighting the need for proactive measures.
  • Unknown Threat Actors: The identity of the threat actors exploiting this vulnerability is unknown.

Mitigation Strategies

  • Patching: Apply all available security patches and updates as soon as possible.
  • Network Segmentation: Implement network segmentation to isolate critical systems and limit the potential impact of a compromise.
  • Vulnerability Scanning: Conduct regular vulnerability scanning to identify and remediate potential vulnerabilities within the network.
  • Intrusion Detection/Prevention Systems (IDS/IPS): Deploy and configure effective IDS/IPS systems to detect and prevent malicious activity.

Additional Information

For further insights and detailed information regarding CVE-2024-50633, users can utilize the "Ask to Analyst" feature, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-50633 | Indico 3.2.9 POST Request /api/principals information disclosure
vuldb.com, 2025-01-18
A vulnerability was found in Indico 3.2.9. It has been classified as problematic. This affects an unknown part of the file /api/principals of the component POST Request Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-50633. Access to the local network

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Reference            Link
[email protected]    https://github.com/cetinpy/CVE-2024-50633
[email protected]    https://github.com/cetinpy/CVE-2024-50633/issues/1

CWE Details

CWE ID     CWE Name                                              Description
CWE-201    Insertion of Sensitive Information Into Sent Data     The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
CWE-862    Missing Authorization                                 The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
