Indico Unauthorized User Details Access Vulnerability via Legacy API

Vulnerability

A vulnerability in Indico's legacy API for user detail retrieval allows unauthorized access to profile information of other users, bypassing admin permissions. This issue arises from a broken access control check and affects Indico versions through 3.3.7. The vulnerability can be exploited over the network, with low complexity and low privileges required.

Impact

Exploitation of this vulnerability allows for unauthorized access to user profile details, creating a privacy risk by disclosing information without consent.

Remediation

Users are advised to update Indico to version 3.3.8. Instructions for updating can be found in the Indico documentation. As a temporary workaround, access to the affected API can be restricted through web server configuration.

Added: Sep 10, 2025, 4:23 PM
Updated: Sep 10, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 1.6
impact: 2.5
exploitability: 5.4
remediation: 8.3
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.