Skip to main content
CVE-2024-55585 CRITICAL Act Now

moPS App through version 1.8.618 contains a critical authentication bypass vulnerability (CVE-2024-55585, CVSS 9.0) that allows all authenticated users to access administrative API endpoints without proper authorization checks, enabling unrestricted read and write operations including password resets. This vulnerability is particularly severe as it requires only low privileges (PR:L) to exploit via network access, and the /api/v1/users/resetpassword endpoint demonstrates direct administrative function access. No KEV or active exploitation data is referenced, but the high CVSS score and authentication bypass nature suggest significant real-world risk if exploited.

Authentication Bypass Privilege Escalation Information Disclosure
NVD
CVSS 4.0
9.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy