CVE-2024-27730

Published: Aug 15, 2024Modified: Jun 4, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.

Affected (1)

Products: Friendica: Friendica

Friendica

1 product

Friendica

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Friendica Friendica	Version 2023.12

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/friendica/friendica/pull/13927

Source: cve@mitre.org

Issue TrackingPatch

https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures/

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.