Cyber Posture

CVE-2024-13211

Severity: Medium

Published: 09 January 2025

Modified: 15 October 2025
KEV Added:
Patch:
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0007 (22.2th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Security Summary

CVE-2024-13211 is a vulnerability in SingMR HouseRent version 1.0, rated critical in the source description, affecting an unknown functionality within the file src/main/java/com/house/wym/controller/AdminController.java. The issue stems from improper access controls (CWE-266 and CWE-284), enabling unauthorized manipulation. It carries a CVSS v3.1 base score of 6.3, which is Medium severity (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), and was published on 2025-01-09.

A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized access or modifications due to the flawed access controls in the AdminController.

Advisories reference a GitHub issue (https://github.com/SingMR/HouseRent/issues/12) disclosing the vulnerability, along with VulDB entries (https://vuldb.com/?ctiid.290816, https://vuldb.com/?id.290816). No specific patches or mitigation steps are detailed in the provided references, but practitioners should review the GitHub issue for updates.

The exploit has been publicly disclosed and may be usable by attackers.

Details

CWE(s)
CWE-266, CWE-284

Affected Products

Vendor: singmr
Product: houserent
Versions: all versions

References