CVE-2024-12123

CVSS

No CVSS.

hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts.

References

Link	Resource
https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes

Configurations

No configuration.

History

04 Dec 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-04 04:15

Updated : 2024-12-04 04:15

NVD link : CVE-2024-12123

Mitre link : CVE-2024-12123

CVE.ORG link : CVE-2024-12123

JSON object : View

Products Affected

No product.

CWE

CWE-472

External Control of Assumed-Immutable Web Parameter

CWE-837

Improper Enforcement of a Single, Unique Action

{"id": "CVE-2024-12123", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-12-04T04:15:04.430", "references": [{"url": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "description": [{"lang": "en", "value": "CWE-472"}, {"lang": "en", "value": "CWE-837"}]}], "descriptions": [{"lang": "en", "value": "A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.\u00a0\n\nWhen an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy.\u00a0 The ticket requester can be changed from the original requester to another user in the same application, \nwhich the application then accepts."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de manipulaci\u00f3n de campos ocultos en la versi\u00f3n 17.1 de Issuetrak que podr\u00eda ser activada por un usuario autenticado. Cuando un usuario autenticado env\u00eda un ticket, la solicitud puede ser interceptada y posteriormente modificada mediante un proxy. El solicitante del ticket puede cambiar de solicitante original a otro usuario en la misma aplicaci\u00f3n, que luego la aplicaci\u00f3n acepta."}], "lastModified": "2024-12-04T04:15:04.430", "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}

CVE-2024-12123

JSON object

Attach tags to CVE-2024-12123

Attach tags to `CVE-2024-12123`