CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-50967: The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely...

Description

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information.

Classification

CVE ID: CVE-2024-50967

Affected Products

Vendor: n/a

Product: n/a

Nuclei Template

http/cves/2024/CVE-2024-50967.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.16% (probability of being exploited)

EPSS Percentile: 54.13% (scored less or equal to compared to others)

EPSS Date: 2025-02-15 (when was this score calculated)

References

https://datagerry.readthedocs.io/en/latest/api/rest/user-management.html#rights
https://medium.com/@0xbytehunter/my-first-cve-discovery-of-broken-access-control-in-the-datagerry-platform-7b0404f88a43
https://github.com/0xByteHunter/CVE-2024-50967

Timeline

2025-01-18 00:30:27 UTC
CVE

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely...