CVE-2024-28029

High

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access…

icscert·CWE-602·Published 2024-03-21

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

161 chars

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.

NVDen

161 chars

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.

Los privilegios no se verifican completamente en el lado del servidor, lo que puede ser abusado por un usuario con privilegios limitados para eludir la autorización y acceder a funciones privilegiadas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H