Vulnerability in Ethyca Fides
CVE-2024-52008
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI…
EPSS: 0.001 (27.5th percentile)
Affected products
- Ethyca Fides — versions < 2.50.0
Weakness classification (CWE)
References
- https://github.com/ethyca/fides/security/advisories/GHSA-v7vm-rhmg-8j2r (x_refsource_CONFIRM)