CVE-2023-24625 - Authorization Bypass Through User-Controlled Key vulnerability in Ladybirdweb Faveo Servicedesk 5.0.1
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- https://cupc4k3.lol/cve-2023-24625-idor-in-faveo-service-desk-37a63f53d896
- https://medium.com/%40cupc4k3/vulnerabilities-in-faveo-service-desk-37a63f53d896
- https://www.faveohelpdesk.com/servicedesk/