
CVE-2024-55075: Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as...

4.3 CVSS

Description

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes.

Classification

CVE ID: CVE-2024-55075

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

Affected Products

Vendor: Grocy project

Product: Grocy

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date on which this score was calculated)

References

https://m10x.de/posts/2024/11/all-your-recipe-are-belong-to-us-part-1/3-stored-xss-csrf-and-broken-access-control-vulnerabilities-in-grocy/
