Description

Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.

INFO

Published Date :

2024-09-04T15:39:50.991Z

Last Modified :

2024-09-04T16:20:46.182Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45050 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45050.

URL Resource
https://github.com/Lif-Platforms/New-Ringer-Server/commit/ae795ff47b2ac2656ac6a099a0e7954ca7d9ba53 cve-icon cve-icon
https://github.com/Lif-Platforms/New-Ringer-Server/security/advisories/GHSA-cpc7-79cg-qv65 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact