Unauthorized access to view information of other user

Moderate
marcelfolaron published GHSA-3hfj-qcvj-4hx8 Feb 18, 2025

Package

No package listed

Affected versions

<3.3

Patched versions

3.3

Description

Finding Description

The application lets a user view profile information. It does not implement an authorisation check for the "Host" parameter, which allows a user to view the profile information of another user by replacing the "Host" parameter.

Impact

By exploiting this vulnerability, an attacker can view profile information (but cannot view anything else or change anything).

Severity

Moderate

CVE ID

No known CVE