2317449 – (CVE-2024-9671) CVE-2024-9671 System: PDF invoices of the Developer users can be seen if the URL is known

Bug 2317449 (CVE-2024-9671) - CVE-2024-9671 System: PDF invoices of the Developer users can be seen if the URL is known

Summary: CVE-2024-9671 System: PDF invoices of the Developer users can be seen if the ...

Keywords:
Status:	NEW
Alias:	CVE-2024-9671
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-10-08 23:54:37 UTC

There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

Note You need to log in before you can comment on or make changes to this bug.