216.73.217.98

CVE-2024-31842

· Published 20/08/2024 20:15 · Modified 13/09/2024 14:05

Labels: CVE-2024-31842 2024-08-20CVE-2024-31842NVD-CWE-noinfo[email protected]

Essential information

Published
20/08/2024 20:15
Modified
13/09/2024 14:05
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
italtel / embrace cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*

References