Description

TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions maing it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges.

INFO

Published Date :

2024-09-27T00:00:00.000Z

Last Modified :

2024-09-27T19:42:29.536Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-46097 vulnerability.

Vendors Products
Testlink
  • Testlink
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-46097.

URL Resource
https://github.com/Alkatraz97/CVEs/blob/main/CVE-2024-46097.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact