Logo
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Username Enumeration on Shared Widgets

Avatar Rushmi Bhuju
February 04, 2025 08:41
Follow

Advisory ID: LVD-2024-0001

CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSSv 3.1 Base Score: 4.3

Severity: Medium

CVE: CVE-2024-30176

CWE: CWE-200, CWE-204

Date Published: 2024-04-25

Description:

In Logpoint versions before 7.4.0, attackers could enumerate a valid list of usernames using publicly exposed URLs of shared widgets.

Affected Product:

Logpoint versions before 7.4.0 

Solution:

Upgrade to Logpoint v7.4.0

Acknowledgments:

Hannes Fleisch

 

Comments

Article is closed for comments.

Related articles

  • Template injection in Search Template
  • Path Injection  on Enrichment Sources leading to arbitrary file write in /tmp folder
  • Server Side Request Forgery (SSRF) on Threat Intelligence
  • Username enumeration using the forget password endpoint
  • Lookup
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.