Security Advisory

CVE-2024-57190

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-10 00:00:00
Last updated 2025-06-10 19:40:27
Assigner mitre
State PUBLISHED

Description

Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.