CVE-2024-25169:
Mezzanine allows attackers to bypass access control mechanisms

CVSS Score (v3.1)
9.8

Basic Information

EPSS Score
0.68299%
CWE
-
Published
2/28/2024
Updated
2/28/2024
KEV Status
No
Technology
Python

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name
Mezzanine
Ecosystem
pip
Vulnerable Versions
<= 6.0.0
First Patched Version
-

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The provided information lacks the concrete technical details needed to identify specific vulnerable functions. There are no code examples, commit diffs, or patch details showing the implementation flaw. The advisory references image-based POCs (hosted on ImgBB) that are not accessible for analysis, and the CVE description only mentions a "crafted request" against the admin panel without naming the affected component. The vulnerability most likely lies in an admin panel access control check (for example, a missing permission check in a view function or in middleware, so that a request reaches an admin-only action without the staff or model permission it should require), but without Mezzanine's actual code context or exploit specifics it is not possible to pinpoint the exact functions with high confidence.
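The analysis above can only name the class of flaw, not the function, so the following added example is illustrative and is not Mezzanine's or Django's own code. It models the pattern the analysis hypothesises (an admin action that verifies only that the caller is logged in) beside a hardened version that checks the full Django-style condition (authenticated, active, staff, and holding the model permission), using a constructed User/Request stand-in rather than Django's classes. It also includes a version check against the advisory's affected range (<= 6.0.0) for auditing an installed copy; the view names, the permission string "pages.delete_page", and the user accounts are all assumptions for the demonstration.

```python
from dataclasses import dataclass, field
from functools import wraps

# Affected range taken from the advisory table: vulnerable versions <= 6.0.0
AFFECTED_MAX = (6, 0, 0)


def parse_version(version: str) -> tuple:
    """Turn '6.0.0', 'v5.1.4' or '6.0.0rc1' into a 3-tuple of ints.
    Only the leading digits of each component count; a pre-release tag
    such as 'rc1' is dropped, so pre-releases of 6.0.0 compare as 6.0.0."""
    text = version.strip().lstrip("vV")
    parts = []
    for component in text.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when an installed Mezzanine version is inside the advisory's range."""
    return parse_version(version) <= AFFECTED_MAX


@dataclass
class User:
    # Constructed stand-in for Django's auth user (assumption, not Mezzanine's model).
    username: str
    is_authenticated: bool = False
    is_active: bool = True
    is_staff: bool = False
    perms: set = field(default_factory=set)

    def has_perm(self, perm: str) -> bool:
        # Mirrors Django's rule that inactive users hold no permissions.
        return self.is_active and perm in self.perms


@dataclass
class Request:
    # Constructed stand-in for an HTTP request object.
    user: User
    method: str = "POST"
    path: str = "/admin/"


class PermissionDenied(Exception):
    pass


def require_admin_perm(perm: str):
    """Decorator applying the complete check an admin view needs: the caller
    must be logged in, active, flagged as staff, and hold the model permission."""
    def decorator(view):
        @wraps(view)
        def wrapped(request, *args, **kwargs):
            u = request.user
            if not (u.is_authenticated and u.is_active and u.is_staff and u.has_perm(perm)):
                raise PermissionDenied(f"{u.username} lacks {perm}")
            return view(request, *args, **kwargs)
        return wrapped
    return decorator


def vulnerable_delete_page(request: Request, page_id: int) -> str:
    """Flaw class named in the analysis: only login is verified, so any
    authenticated account (or an attacker who registered one) reaches an
    action meant for admin staff. Hypothetical view, not Mezzanine's."""
    if not request.user.is_authenticated:
        raise PermissionDenied("login required")
    return f"deleted page {page_id}"


@require_admin_perm("pages.delete_page")
def hardened_delete_page(request: Request, page_id: int) -> str:
    """Same action with the permission check enforced before the view body runs."""
    return f"deleted page {page_id}"


def is_allowed(view, request: Request, *args) -> bool:
    """Probe helper: True if the view executes for this request, False if denied."""
    try:
        view(request, *args)
        return True
    except PermissionDenied:
        return False


if __name__ == "__main__":
    visitor = User("visitor", is_authenticated=True)  # ordinary logged-in account
    editor = User("editor", is_authenticated=True, is_staff=True, perms={"pages.delete_page"})
    for name, view in (("vulnerable", vulnerable_delete_page), ("hardened", hardened_delete_page)):
        print(f"{name}: visitor={is_allowed(view, Request(visitor), 1)} "
              f"editor={is_allowed(view, Request(editor), 1)}")
    print("6.0.0 affected:", is_affected("6.0.0"), "| 6.0.1 affected:", is_affected("6.0.1"))
```

The point of running the two views side by side is the test a reviewer would apply to any admin endpoint: a non-staff but authenticated account must be refused, and an inactive account must be refused even if it carries the right permission string; only the hardened view passes both.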

WAF Protection Rules

WAF Rule

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.