CVE-2024-10469

Oct. 29, 2024, 2:34 p.m.

Product(s) Impacted

VINCE

  • before 3.0.9

Description

VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users.

Weaknesses

CWE-276
Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE ID: 276

Date

Published: Oct. 28, 2024, 4:15 p.m.

Last Modified: Oct. 29, 2024, 2:34 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cret@cert.org

References