Missing Authorization Affecting org.eclipse.edc:control-plane-catalog package, versions [0.1.3,0.9.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGECLIPSEEDC-8102693
- published 27 Sep 2024
- disclosed 27 Sep 2024
- credit Markus Spiekermann
Introduced: 27 Sep 2024
New CVE-2024-9202 Open this link in a new tabHow to fix?
Upgrade org.eclipse.edc:control-plane-catalog
to version 0.9.1 or higher.
Overview
Affected versions of this package are vulnerable to Missing Authorization through the DatasetResolverImpl
process. An attacker can view datasets they are not authorized to see by guessing or automating ID requests.