CVE-2024-31842
Last modified
CVE-2024-31842 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Italtel | Embrace | 1.6.4 |
References
- https://www.gruppotim.it/it/footer/red-team.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-31842?
How severe is CVE-2024-31842?
How do I fix CVE-2024-31842?
Are you affected by CVE-2024-31842?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST