Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Username Enumeration on Shared Widgets

Avatar Rushmi Bhuju
June 06, 2024 10:51
Follow

Advisory ID: LVD-2024-0001

CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSSv 3.1 Base Score: 4.3

Severity: Medium

CVE: CVE-2024-30176

CWE: CWE-200, CWE-204

Date Published: 2024-04-25

Description:

In Logpoint versions before 7.4.0, attackers could enumerate a valid list of usernames using publicly exposed URLs of shared widgets.

Affected Product:

Logpoint versions before 7.4.0 

Solution:

Upgrade to Logpoint v7.4.0

Acknowledgments:

Hannes Fleisch

 

Comments

Article is closed for comments.

Related articles

  • Template injection in Search Template
  • Path Injection  on Enrichment Sources leading to arbitrary file write in /tmp folder
  • Server Side Request Forgery (SSRF) on Threat Intelligence
  • Username enumeration using the forget password endpoint
  • Privilege Escalation Through Cronjob
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.