CVE - CVE-2024-37889

CVE-ID
CVE-2024-37889	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f URL:https://github.com/TreyWW/MyFinances/commit/2c1e6d5b7ec8b2d6f660b260e3c5f4d3eaaa613f MISC:https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2 URL:https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20240610	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240610)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)