CVE-2025-67715

Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

CVSS 4.3 MEDIUM · EPSS 0.2% · CWE-284 · CWE-285
Weblate is a web-based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via the API. Version 5.15 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
WeblateOrg · weblate
