CVE-2024-55471: Oqtane IDOR Public Settings Exposure

A fallback `else` condition conditionally exposes data (such as 'Settings') by filtering properties via an `IsPrivate` check. This implementation can lead to an Insecure Direct Object Reference (IDOR) or unauthorized data disclosure if unprivileged users are allowed to hit this fallback logic by supplying arbitrary resource IDs. Access bounds should be stric

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | C# | β
greprules fetch cve-2024-55471-oqtane-idor-public-settings-exposure --engine opengrep

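
The fallback pattern this rule describes, shown beside a hardened form, as an added example that is not Oqtane's source code or part of the rule. The `Setting` and `Caller` types, the in-memory store and the sample values are hypothetical and constructed for illustration.

```csharp
// Added illustration: hypothetical, simplified types; not Oqtane's source code.
using System;
using System.Collections.Generic;
using System.Linq;

record Setting(string EntityName, int EntityId, string Name, string Value, bool IsPrivate);
record Caller(string Name, HashSet<int> CanEdit, HashSet<int> CanView);

static class SettingsDemo
{
    // Constructed sample data: module 1 is public, module 2 is not viewable by the caller.
    static readonly List<Setting> Store = new()
    {
        new("Module", 1, "Title", "Welcome", false),
        new("Module", 2, "InternalNotes", "draft pricing", false), // not flagged private
        new("Module", 2, "ApiKey", "constructed-secret", true),
    };

    // Flagged pattern: the fallback branch trusts IsPrivate alone and never
    // checks whether the caller may see the entity behind the supplied id.
    public static List<Setting> GetVulnerable(Caller c, string entity, int id)
    {
        var rows = Store.Where(s => s.EntityName == entity && s.EntityId == id);
        if (c.CanEdit.Contains(id)) return rows.ToList();
        else return rows.Where(s => !s.IsPrivate).ToList();
    }

    // Hardened form: view permission on the specific entity is required
    // before the IsPrivate filter is applied; otherwise nothing is returned.
    public static List<Setting> GetHardened(Caller c, string entity, int id)
    {
        var rows = Store.Where(s => s.EntityName == entity && s.EntityId == id);
        if (c.CanEdit.Contains(id)) return rows.ToList();
        if (!c.CanView.Contains(id)) return new List<Setting>(); // map to 403 in a controller
        return rows.Where(s => !s.IsPrivate).ToList();
    }

    static void Main()
    {
        // Unprivileged caller: may view module 1 only, may edit nothing.
        var anon = new Caller("anonymous", new HashSet<int>(), new HashSet<int> { 1 });
        foreach (var id in new[] { 1, 2 })
            Console.WriteLine($"id={id} vulnerable={GetVulnerable(anon, "Module", id).Count} " +
                              $"hardened={GetHardened(anon, "Module", id).Count}");
    }
}
```

For id 2 the vulnerable method still returns the row that was never marked private, while the hardened method returns nothing, which is why `IsPrivate` filtering cannot stand in for a per-entity authorization check.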