ByteOS Network

NVD Vulnerability Details :

CVE-2024-50633

Analyzed

Source-cve@mitre.org

Published At-16 Jan, 2025 | 18:15

Updated At-19 Sep, 2025 | 18:48

A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	0.0	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 0.0

Base severity: NONE

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

cern>>indico>>Versions from 3.2.9(inclusive) to 3.3.2(inclusive)

cpe:2.3:a:cern:indico:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-201	Secondary	cve@mitre.org

CWE ID: CWE-201

Type: Secondary

Source: cve@mitre.org

References

Hyperlink	Source	Resource
https://github.com/cetinpy/CVE-2024-50633	cve@mitre.org	Exploit Third Party Advisory
https://github.com/cetinpy/CVE-2024-50633/issues/1	cve@mitre.org	Issue Tracking

Hyperlink: https://github.com/cetinpy/CVE-2024-50633

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/cetinpy/CVE-2024-50633/issues/1

Source: cve@mitre.org

Resource:

Issue Tracking

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History