CVE-2024-24716 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Getawesomesupport	Awesome Support

Configuration 1 [-]

cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve

History

Fri, 11 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Getawesomesupport Getawesomesupport awesome Support
CPEs		cpe:2.3:a:getawesomesupport:awesome_support::::::wordpress::*
Vendors & Products		Getawesomesupport Getawesomesupport awesome Support

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-09T10:21:32.133Z

Updated: 2024-08-01T23:28:11.844Z

Reserved: 2024-01-26T23:24:16.975Z

Link: CVE-2024-24716

Vulnrichment

Updated: 2024-08-01T23:28:11.844Z

NVD

Status : Modified

Published: 2024-06-09T11:15:49.493

Modified: 2024-11-21T08:59:34.150

Link: CVE-2024-24716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24716", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-01-26T23:24:16.975Z", "datePublished": "2024-06-09T10:21:32.133Z", "dateUpdated": "2024-08-01T23:28:11.844Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "awesome-support", "product": "Awesome Support", "vendor": "Awesome Support Team", "versions": [{"changes": [{"at": "6.1.7", "status": "unaffected"}], "lessThanOrEqual": "6.1.6", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Brandon Roldan (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support.<p>This issue affects Awesome Support: from n/a through 6.1.6.</p>"}], "value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T10:21:32.133Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 6.1.7 or a higher version."}], "value": "Update to 6.1.7 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T12:48:53.926939Z", "id": "CVE-2024-24716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T12:49:00.992Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:11.844Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:11.844Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T12:48:53.926939Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T12:48:58.103Z"}}], "cna": {"title": "WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Brandon Roldan (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Awesome Support Team", "product": "Awesome Support", "versions": [{"status": "affected", "changes": [{"at": "6.1.7", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "6.1.6"}], "packageName": "awesome-support", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 6.1.7 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 6.1.7 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support.<p>This issue affects Awesome Support: from n/a through 6.1.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T10:21:32.133Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24716", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:28:11.844Z", "dateReserved": "2024-01-26T23:24:16.975Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-06-09T10:21:32.133Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FFD00489-3F2D-4035-A932-A3C4E6956160", "versionEndExcluding": "6.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en el equipo de soporte de Awesome Awesome Support. Este problema afecta a Awesome Support: desde n/a hasta 6.1.6."}], "id": "CVE-2024-24716", "lastModified": "2024-11-21T08:59:34.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-09T11:15:49.493", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-6-broken-access-control-vulnerability-3?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}