CVE-2024-52528

Published Nov 15, 2024

Last updated 2 days ago

CVSS critical 9.3

Overview

Description
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-285

Social media

Hype score
Not currently trending

  1. CVE-2024-52528 Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does n… https://t.co/GoyQCFqw8u

    @CVEnew

    15 Nov 2024

    279 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References