Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26570: Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

CVE
Open in Source
#vulnerability#web#auth

Discovered by Melodi Dey on behalf of The Missing Link Security

Vulnerability Details

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.013 allows extraction sensitive student data by unauthenticated attackers.

Affected Versions

Discovered in: 3.1.013

Fixed Versions

Fixed in: 3.1.053

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE