CVE-2024-52302

Sažetak

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).

Reference

https://github.com/OsamaTaher/Java-springboot-codebase/commit/204402bb8b68030c14911379ddc82cfff00b8538
https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-rhcq-44g3-5xcx

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

15-11-2024 - 13:58

Objavljeno

14-11-2024 - 16:15