CVE-2024-3511

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 23/06/2025
Last modified: 23/06/2025

Description

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.

Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.