Vulnerability Details CVE-2024-37889
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.089
EPSS Ranking 92.2%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f
- https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2
- https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f
- https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2
Products affected by CVE-2024-37889
-
cpe:2.3:a:treyww:myfinances:*