In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
History

Fri, 13 Jun 2025 07:45:00 +0000

Type Values Removed Values Added
References

Mon, 09 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 07 Jun 2025 19:45:00 +0000

Type Values Removed Values Added
Description In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access. In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.

Sat, 07 Jun 2025 19:15:00 +0000

Type Values Removed Values Added
Description moPS App Engine 1.8.618 has incorrect access control. In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access.
Weaknesses CWE-306
Metrics cvssV4_0

{'score': 9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/RE:M/U:Red'}


Sat, 07 Jun 2025 19:00:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-06-07T00:00:00.000Z

Updated: 2025-06-13T07:27:37.060Z

Reserved: 2024-12-09T00:00:00.000Z

Link: CVE-2024-55585

cve-icon Vulnrichment

Updated: 2025-06-09T15:12:39.760Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-07T19:15:22.333

Modified: 2025-06-13T08:15:19.127

Link: CVE-2024-55585

cve-icon Redhat

No data.