
State: PUBLISHED

CVE-2024-3511

Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files



Description

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

Reserved 2024-04-09 | Published 2025-06-23 | Updated 2025-06-23 | Assigner WSO2


MEDIUM 4.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-863 Incorrect Authorization

Product status

The page does not name the product that each block below applies to; each block lists the version ranges for one product.

Default status: unaffected
  Any version before 6.6.0: unknown
  6.6.0 before 6.6.0.205: affected

Default status: unaffected
  Any version before 3.1.0: unknown
  3.1.0 before 3.1.0.273: affected
  3.2.0 before 3.2.0.361: affected
  3.2.1 before 3.2.1.13: affected
  4.0.0 before 4.0.0.306: affected
  4.1.0 before 4.1.0.163: affected
  4.2.0 before 4.2.0.98: affected
  4.3.0 before 4.3.0.17: affected

Default status: unaffected
  Any version before 5.10.0: unknown
  5.10.0 before 5.10.0.289: affected

Default status: unaffected
  Any version before 5.10.0: unknown
  5.10.0 before 5.10.0.292: affected
  5.11.0 before 5.11.0.333: affected
  6.0.0 before 6.0.0.180: affected
  6.1.0 before 6.1.0.141: affected
  7.0.0 before 7.0.0.8: affected

Default status: unaffected
  Any version before 2.0.0: unknown
  2.0.0 before 2.0.0.320: affected

Default status: unaffected
  Any version before 2.0.0: unknown
  2.0.0 before 2.0.0.341: affected

Default status: unknown
  4.5.0 before 4.5.0.5: affected
  4.5.3 before 4.5.3.35: affected
  4.6.0 before 4.6.0.140: affected
  4.6.1 before 4.6.1.107: affected
  4.6.2 before 4.6.2.323: affected
  4.6.3 before 4.6.3.18: affected
  4.6.4 before 4.6.4.3: affected
  4.7.1 before 4.7.1.47: affected
  4.8.1 before 4.8.1.19: affected
  4.9.0 before 4.9.0.52: affected
  4.9.26 before 4.9.26.10: affected
  4.10.9 before 4.10.9.8: affected
  4.10.13: unaffected
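Checking an installation against these ranges needs a little care: WSO2 expresses a fix as an update level appended to the release version ("4.3.0 before 4.3.0.17" means every 4.3.0 build with an update level below 17 is affected), a bare release version counts as update level 0, and a naive string comparison ranks "4.10.9" below "4.5.0". The following is an added example, not the advisory's or WSO2's own code: it transcribes the ranges above into integer-tuple comparisons and returns affected, unaffected or unknown for one installed version. Because the page does not name the product behind each block, the blocks are keyed here by their order on the page (an assumption of this example); map them to your products from the vendor advisory before relying on the result.

```python
"""Check an installed WSO2 version and update level against the affected
ranges listed for CVE-2024-3511.

Added example, not part of the advisory or of WSO2's tooling. The blocks
are keyed by their order on the page because the page does not carry the
product names; "block N" is this example's label, not a WSO2 identifier.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'4.10.9.8' -> (4, 10, 9, 8). Integer tuples compare correctly where
    string comparison would rank '4.10.9' below '4.5.0'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class Block:
    default: str                          # status for release lines not listed
    unknown_before: Optional[str]         # "Any version before X: unknown"
    ranges: Tuple[Tuple[str, str], ...]   # (release line, first fixed level)


# Ranges transcribed from the page. A range whose fixed level equals its base
# (block 7, "4.10.13") marks a release line that is unaffected outright.
BLOCKS = {
    "block 1": Block("unaffected", "6.6.0", (("6.6.0", "6.6.0.205"),)),
    "block 2": Block("unaffected", "3.1.0", (
        ("3.1.0", "3.1.0.273"), ("3.2.0", "3.2.0.361"), ("3.2.1", "3.2.1.13"),
        ("4.0.0", "4.0.0.306"), ("4.1.0", "4.1.0.163"), ("4.2.0", "4.2.0.98"),
        ("4.3.0", "4.3.0.17"))),
    "block 3": Block("unaffected", "5.10.0", (("5.10.0", "5.10.0.289"),)),
    "block 4": Block("unaffected", "5.10.0", (
        ("5.10.0", "5.10.0.292"), ("5.11.0", "5.11.0.333"),
        ("6.0.0", "6.0.0.180"), ("6.1.0", "6.1.0.141"), ("7.0.0", "7.0.0.8"))),
    "block 5": Block("unaffected", "2.0.0", (("2.0.0", "2.0.0.320"),)),
    "block 6": Block("unaffected", "2.0.0", (("2.0.0", "2.0.0.341"),)),
    "block 7": Block("unknown", None, (
        ("4.5.0", "4.5.0.5"), ("4.5.3", "4.5.3.35"), ("4.6.0", "4.6.0.140"),
        ("4.6.1", "4.6.1.107"), ("4.6.2", "4.6.2.323"), ("4.6.3", "4.6.3.18"),
        ("4.6.4", "4.6.4.3"), ("4.7.1", "4.7.1.47"), ("4.8.1", "4.8.1.19"),
        ("4.9.0", "4.9.0.52"), ("4.9.26", "4.9.26.10"), ("4.10.9", "4.10.9.8"),
        ("4.10.13", "4.10.13"))),
}


def status(version: str, block: Block) -> str:
    """Return 'affected', 'unaffected' or 'unknown' for one installed version.

    A bare release version such as '4.3.0' is update level 0 and therefore
    sorts below every listed fix level for that release line."""
    v = parse_version(version)
    for base, fixed in block.ranges:
        b = parse_version(base)
        if v[: len(b)] == b:              # same release line as this range
            return "affected" if v < parse_version(fixed) else "unaffected"
    if block.unknown_before and v < parse_version(block.unknown_before):
        return "unknown"
    return block.default


if __name__ == "__main__":
    for name, ver in [("block 2", "4.3.0.12"), ("block 2", "4.3.0.17"),
                      ("block 7", "4.10.9.3"), ("block 7", "4.10.13.2")]:
        print(f"{name} {ver}: {status(ver, BLOCKS[name])}")
```

Read the installed version and update level from the deployment itself (the product's updates tooling or the release notes shipped with the build) rather than from the download name, since the same base release covers both affected and fixed update levels.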

Credits

Viral Maniar, Security Researcher at Preemptive Cyber Security Pty Ltd (reporter)

References

security.docs.wso2.com/...ty-advisories/2025/WSO2-2024-2702/ (vendor advisory)

cve.org (CVE-2024-3511)

nvd.nist.gov (CVE-2024-3511)

Source: https://cve.threatint.eu/CVE/CVE-2024-3511