Authorization Bypass Through User-Controlled Key Affecting org.bonitasoft.engine:bonita-common package, versions [,10.1.0)
- Snyk ID SNYK-JAVA-ORGBONITASOFTENGINE-6913899
- published 20 May 2024
- disclosed 15 May 2024
- credit Mohammad A’mir
Introduced: 15 May 2024
CVE-2024-28087
How to fix?
Upgrade org.bonitasoft.engine:bonita-common to version 10.1.0 or higher.
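One way to check a build for the affected range is to scan `mvn dependency:list` output for the package coordinates. This is an added example, not part of the advisory or of Bonita's tooling; the sample output is constructed, the function names are hypothetical, and the version comparison is a simplification of Maven's ordering that treats any qualifier on 10.1.0 as a pre-release.

```python
import re

# Coordinates and fixed version are from the advisory; the rest is illustrative.
GROUP, ARTIFACT = "org.bonitasoft.engine", "bonita-common"
FIXED = (10, 1, 0)

# Constructed sample of `mvn dependency:list` output (not from a real build).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.bonitasoft.engine:bonita-common:jar:10.0.0:compile
[INFO]    org.slf4j:slf4j-api:jar:2.0.9:compile -- module org.slf4j
[INFO]    org.bonitasoft.engine:bonita-common:jar:10.1.0:compile
"""

def is_affected(version):
    """True if version is in [,10.1.0). Simplified ordering, not Maven's full rules."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return True  # unparseable version: flag for manual review
    nums = [int(p) for p in m.group().split(".")]
    width = max(len(nums), len(FIXED))
    nums += [0] * (width - len(nums))
    fixed = list(FIXED) + [0] * (width - len(FIXED))
    if nums != fixed:
        return nums < fixed
    # Same numbers plus a qualifier (e.g. -SNAPSHOT, -rc1): treated as pre-release.
    return version[m.end():] != ""

def find_affected(dependency_list_text):
    """Return the affected bonita-common versions found in dependency:list output."""
    hits = []
    for line in dependency_list_text.splitlines():
        fields = line.replace("[INFO]", "").split()
        if not fields:
            continue
        # group:artifact:type:version:scope, or with a classifier before the version
        coords = fields[0].split(":")
        if len(coords) >= 5 and coords[:2] == [GROUP, ARTIFACT]:
            if is_affected(coords[-2]):
                hits.append(coords[-2])
    return hits

if __name__ == "__main__":
    for v in find_affected(SAMPLE):
        print(f"{GROUP}:{ARTIFACT}:{v} is below 10.1.0, upgrade required")
```

Running the scan over the full dependency list rather than the top-level `pom.xml` also catches the package when it arrives transitively.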
Overview
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to the lack of dynamic permissions. An attacker can gain unauthorized access to sensitive information by exploiting insecure direct object references.
CVSS Scores
version 3.1