CVE-2024-48953 Information

Description

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating editing or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint resulting in unauthorized access.

Reference

https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest/ https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security https://servicedesk.logpoint.com/hc/en-us/articles/21968899128221-Authentication-Bypass-using-URL-endpoints-in-the-Authentication-Modules