CVE-2024-2231Incorrect Authorization in Himer

CWE-863Incorrect AuthorizationCWE-639Authorization Bypass Through User-Controlled KeyCWE-693Protection Mechanism Failure4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 38.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
2code Himer
Timeline
PublishedJul 3
Latest updateJul 4

Description

The allows any authenticated user to join a private group due to a missing authorization check on a function

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVD2code/himer< 2.1.1

🔴Vulnerability Details

2
GHSA
GHSA-459h-qwrj-j9gc: The allows any authenticated user to join a private group due to a missing authorization check on a function2024-07-03
CVEList
Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR2024-07-03

📋Vendor Advisories

1
Red Hat
exim: exim: Incorrect parsing of multiline rfc2231 header filename2024-07-04
CVE-2024-2231 — Incorrect Authorization in 2code Himer | cvebase