In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
History
Fri, 13 Jun 2025 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Mon, 09 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Sat, 07 Jun 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access. | In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword. |
Sat, 07 Jun 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | moPS App Engine 1.8.618 has incorrect access control. | In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access. |
Weaknesses | CWE-306 | |
Metrics | cvssV4_0 |
Sat, 07 Jun 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | moPS App Engine 1.8.618 has incorrect access control. | |
References | |

Status: PUBLISHED
Assigner: mitre
Published: 2025-06-07T00:00:00.000Z
Updated: 2025-06-13T07:27:37.060Z
Reserved: 2024-12-09T00:00:00.000Z
Link: CVE-2024-55585

Updated: 2025-06-09T15:12:39.760Z

Status: Awaiting Analysis
Published: 2025-06-07T19:15:22.333
Modified: 2025-06-13T08:15:19.127
Link: CVE-2024-55585
