CVE-2024-50617

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

11/02/2026

Last modified:

11/02/2026

Description

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.)

Impact

References to Advisories, Solutions, and Tools

https://cipplanner.com/cve-2024-50617-cve-public-notification-of-resolution/