Use of Client-Side Authentication

CVE-2024-45785

High

7.5/10

Summary

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-603 - Use of Client-Side Authentication

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.

References

Advisory Timeline

Published Oct 25, 2024

Use of Client-Side Authentication

CVE-2024-45785

Summary

CWE-603 - Use of Client-Side Authentication

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS