CVE-2024-50671
MEDIUM
Adapt Learning Adapt Authoring Tool <= 0.11.3 - Info Disclosure
Title source: llm
Description
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users.
References (2)
Core References
Various Sources
https://github.com/adaptlearning/adapt_authoring
Scores
CVSS v3: 4.3
EPSS: 0.0008
EPSS Percentile: 22.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-863
Status: published
Published: Nov 25, 2024
Tracked Since: Feb 18, 2026