CVE-2024-46097

Severity: HIGH | CVSS 8.1/10 | EPSS 0.43%


CVE-2024-46097 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges.
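The missing authorisation check, shown as an added example that is not TestLink's own code: a hypothetical Python model of the test-plan edit path, with the handler that trusts tplan_id beside one that authorises against the plan the id resolves to. The TestPlan/User classes, the editable_projects field, Forbidden and the sample store are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the caller may not act on the requested test plan."""

@dataclass
class TestPlan:
    tplan_id: int  # incremental id, guessable by design
    project_id: int
    name: str

@dataclass
class User:
    user_id: int
    # Projects in which this user may edit test plans (hypothetical field).
    editable_projects: set = field(default_factory=set)

def make_store():
    """Constructed sample data: two plans in two projects, sequential ids."""
    return {1: TestPlan(1, project_id=1, name="QA plan"),
            2: TestPlan(2, project_id=2, name="Admin plan")}

def edit_testplan_vulnerable(store, user, tplan_id, new_name):
    # Trusts the client-supplied tplan_id; the user's rights are never consulted.
    plan = store[tplan_id]
    plan.name = new_name
    return plan

def edit_testplan_fixed(store, user, tplan_id, new_name):
    # Authorise against the plan the id resolves to, not the raw client id.
    plan = store.get(tplan_id)
    if plan is None or plan.project_id not in user.editable_projects:
        # One error for "missing" and "not permitted", so the sequential id
        # space cannot be mapped by comparing responses.
        raise Forbidden("test plan not available")
    plan.name = new_name
    return plan

def demo():
    """Low-privilege user with rights only in project 1 targets plan 2."""
    tester = User(user_id=7, editable_projects={1})
    vulnerable, fixed = make_store(), make_store()
    edit_testplan_vulnerable(vulnerable, tester, 2, "tampered")
    try:
        edit_testplan_fixed(fixed, tester, 2, "tampered")
        blocked = False
    except Forbidden:
        blocked = True
    return vulnerable[2].name, fixed[2].name, blocked
```

Returning the same error for a non-existent and an unauthorised plan is what stops the incremental ID space from being enumerated through the edit endpoint.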

Metrics

CVSS 3.1
8.1/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Probability
0.43%

34.1st percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor: Testlink
Product: Testlink
Versions: 1.9.20

Timeline

Status: Analyzed

Frequently Asked Questions

What is CVE-2024-46097?
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges.
How severe is CVE-2024-46097?
CVE-2024-46097 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.
How do I fix CVE-2024-46097?
Check the vendor's references and advisories for patched versions and mitigation guidance.

Source: NVD / NIST