Vulnerability in CERN Indico

CVE-2024-50633

A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the pr…

EPSS: 0.006 (44.4th percentile)

Frequently asked questions

What is CVE-2024-50633?
CVE-2024-50633 is a vulnerability in CERN Indico, classified under Insertion of Sensitive Information into Sent Data. It was published on 2025-01-16.
Is CVE-2024-50633 known to be exploited?
Two public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.