CVE-2024-12307

{"id": "CVE-2024-12307", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-12-09T09:15:05.433", "references": [{"url": "https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c", "source": "vulnerability@ncsc.ch"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso a nivel de funci\u00f3n en Unifiedtransform versi\u00f3n 2.0 y posiblemente versiones anteriores permite a los profesores modificar los datos personales de los estudiantes sin la debida autorizaci\u00f3n. La vulnerabilidad existe debido a la falta de controles de acceso en la funcionalidad de edici\u00f3n de estudiantes. En el momento de la publicaci\u00f3n de la CVE no hay ning\u00fan parche disponible."}], "lastModified": "2024-12-09T09:15:05.433", "sourceIdentifier": "vulnerability@ncsc.ch"}