Authenticated User Exploits Null Name Vulnerability to Partially Disable Reports Section

Authenticated User Exploits Null Name Vulnerability to Partially Disable Reports Section

CVE-2023-24015 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

Learn more about our User Device Pen Test.