Oqtane.Server
NuGet
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting Oqtane.Server
- CVE-2024-55186 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-20
vulnerable: 1.0.0 ... 6.0.0 (48 versions)
An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notificati…
- CVE-2024-55470 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-20
vulnerable: 1.0.0 ... 6.0.0 (48 versions)
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authoriza…
- CVE-2024-55471 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-20
vulnerable: 1.0.0 ... 6.0.0 (48 versions)
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter.