{"id":"CVE-2024-25635","summary":"IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS","details":"alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/\u003cuser_id\u003e` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue.","aliases":["GHSA-ffr5-g3qg-gp4f"],"modified":"2026-04-19T04:15:56.172272Z","published":"2024-02-19T19:48:10.379Z","database_specific":{"cwe_ids":["CWE-612"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25635.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25635.json"},{"type":"ADVISORY","url":"https://github.com/alfio-event/alf.io/security/advisories/GHSA-ffr5-g3qg-gp4f"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25635"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/alfio-event/alf.io","events":[{"introduced":"0"},{"fixed":"d510c22f613bee0a2b7db51eab0f4d520826d8c0"}]}],"versions":["1.10","1.10-RC1","1.10-RC2","1.10.1","1.11","1.12","1.12-RC1","1.12-RC2","1.12-RC3","1.12-RC4","1.13","1.13-RC1","1.13-RC2","1.13-RC3","1.14","1.14-RC1","1.14-RC2","1.14.1","1.4","1.4-RC2","1.4.1","1.5","1.6","1.7","1.8","1.8-RC1","1.8-RC2","1.9","1.9.1","2.0-M0","2.0-M1","2.0-M1-1906","2.0-M1-1906.1","2.0-M2","2.0-M3","2.0-M4","2.0-M4-2204","2.0-M4-2301","2.0-M4-2304","2.0-M4.RC1","2.0-M4.RC2","2.0-M4.RC3","2.0-M4.RC4","alfio-1.1","alfio-1.2","alfio-1.3","alfio-1.3-beta1","alfio-1.3.1","v1.0-pre-rename","v1.0-pre-rename-v2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25635.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}