Veracode Vulnerability Database, VERACODE:46114
Apr 01, 2024 - 6:54 a.m.

Insufficient Access Control

2024-04-01 06:54:11
sca.analysiscenter.veracode.com
kimai vulnerability granularity timesheet unauthorized access

CVSS3: 6.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score: 6.8
Confidence: High

EPSS: 0
Percentile: 9.0%

Kimai is vulnerable to Insufficient Granularity of Access Control. The view_other_timesheet permission is enforced differently by the UI and the API, which leads to unauthorized access to timesheet entries.
