CVE-2024-50650

7.5 HIGH

📋 TL;DR

python_book V1.0 has an incorrect access control vulnerability that allows attackers to access sensitive user information by manipulating ID parameters. This affects all users of the vulnerable software version, potentially exposing personal data to unauthorized parties.

💻 Affected Systems

Products:
  • python_book
Versions: V1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of python_book V1.0

⚠️ Risk & Real-World Impact

🔴 Worst Case: Mass data breach exposing all user records including personal information, credentials, and private data

🟠 Likely Case: Targeted data extraction of specific users' sensitive information

🟢 If Mitigated: No data exposure with proper access controls and parameter validation

🌐 Internet-Facing: HIGH - Direct parameter manipulation attacks can be performed remotely
🏢 Internal Only: MEDIUM - Internal attackers could still exploit but require network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires basic web request manipulation skills

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative software.

🔧 Temporary Workarounds

Implement Proper Access Control (applies to: all)

Add server-side authorization checks to verify users can only access their own data

Parameter Validation (applies to: all)

Validate and sanitize all user input parameters before processing
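The two workarounds above, shown together as an added example (this is not python_book's code; the user table, the session identity argument and the handler names are hypothetical stand-ins). The "before" handler trusts the client-supplied id the way the advisory describes; the "after" handler validates the parameter shape first and then authorizes against the server-side session before any record is returned:

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    email: str
    phone: str
    role: str = "user"


# Constructed sample user table standing in for the application's database.
USERS = {
    1: User(1, "alice@example.test", "+1-555-0100"),
    2: User(2, "bob@example.test", "+1-555-0101"),
    3: User(3, "admin@example.test", "+1-555-0102", role="admin"),
}

# Positive integer, bounded in length so oversized values are rejected early.
ID_PATTERN = re.compile(r"[1-9][0-9]{0,9}")


def _profile_view(user: User) -> dict:
    return {"id": user.id, "email": user.email, "phone": user.phone}


def get_profile_vulnerable(session_user_id: int, requested_id: str):
    """Before: the handler only checks that the requested record exists.

    Any logged-in user can read any other user's record simply by changing
    the id parameter, which is the access control flaw in CVE-2024-50650.
    Returns an (http_status, body) pair.
    """
    user = USERS.get(int(requested_id))
    if user is None:
        return 404, None
    return 200, _profile_view(user)


def get_profile_fixed(session_user_id: int, requested_id: str):
    """After: validate the parameter, then authorize against the session.

    The caller's identity comes from server-side session state, never from
    anything in the request, and the ownership check runs before the record
    is read. Returns an (http_status, body) pair.
    """
    # Parameter validation: reject anything that is not a plain positive
    # integer before it reaches the data layer.
    if not isinstance(requested_id, str) or not ID_PATTERN.fullmatch(requested_id):
        return 400, None
    target_id = int(requested_id)

    # Authorization: resolve the caller from the session identity.
    caller = USERS.get(session_user_id)
    if caller is None:
        return 401, None
    # Object-level check: a user may only read their own record; an admin
    # role (hypothetical here) may read any record.
    if caller.role != "admin" and target_id != caller.id:
        return 403, None

    user = USERS.get(target_id)
    if user is None:
        return 404, None
    return 200, _profile_view(user)


if __name__ == "__main__":
    print("vulnerable, bob asks for alice:", get_profile_vulnerable(2, "1"))
    print("fixed, bob asks for alice:     ", get_profile_fixed(2, "1"))
    print("fixed, alice asks for alice:   ", get_profile_fixed(1, "1"))
    print("fixed, malformed id:           ", get_profile_fixed(1, "1 OR 1=1"))
```

The ownership comparison is the whole fix; the parameter check in front of it only keeps malformed input from reaching the store. Whether an unauthorized lookup answers 403 or the same 404 as a missing record is a design choice: answering 404 for both avoids confirming to a caller which ids exist.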

🧯 If You Can't Patch

  • Isolate the application behind strict network segmentation
  • Implement web application firewall rules to detect and block parameter tampering

🔍 How to Verify

Check if Vulnerable:

Test by modifying ID parameters in requests to access other users' data

Check Version:

Check application version in configuration or about page

Verify Fix Applied:

Verify that ID parameter manipulation no longer returns unauthorized user data

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authorization attempts
  • Rapid sequential requests with different ID parameters

Network Indicators:

  • Unusual patterns of ID parameter values in HTTP requests

SIEM Query:

source=web_logs AND (id_parameter_changes > threshold OR unauthorized_access_attempts)
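The two log indicators above (rapid requests cycling through different id values, and repeated authorization failures from one client), implemented as an added example over constructed access log lines. This is not part of the advisory and assumes a combined-format web server log with the id carried as a query parameter named `id`; the endpoint path and the thresholds are illustrative:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format: ip ident user [timestamp] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# The object identifier we care about; assumed to be a query parameter named id.
ID_RE = re.compile(r"[?&]id=(\d+)")

# Constructed sample log: alice reads her own record twice, the client at
# 198.51.100.7 walks six different ids in fifteen seconds, and the client at
# 192.0.2.9 is denied four times.
SAMPLE_LOG = """\
203.0.113.5 - alice [10/Oct/2024:13:55:36 +0000] "GET /user/info?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - alice [10/Oct/2024:13:56:02 +0000] "GET /user/info?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - bob [10/Oct/2024:14:01:00 +0000] "GET /user/info?id=1 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - bob [10/Oct/2024:14:01:03 +0000] "GET /user/info?id=2 HTTP/1.1" 200 498 "-" "curl/8.0"
198.51.100.7 - bob [10/Oct/2024:14:01:06 +0000] "GET /user/info?id=3 HTTP/1.1" 200 503 "-" "curl/8.0"
198.51.100.7 - bob [10/Oct/2024:14:01:09 +0000] "GET /user/info?id=4 HTTP/1.1" 200 511 "-" "curl/8.0"
198.51.100.7 - bob [10/Oct/2024:14:01:12 +0000] "GET /user/info?id=5 HTTP/1.1" 200 507 "-" "curl/8.0"
198.51.100.7 - bob [10/Oct/2024:14:01:15 +0000] "GET /user/info?id=6 HTTP/1.1" 200 499 "-" "curl/8.0"
192.0.2.9 - carol [10/Oct/2024:14:10:00 +0000] "GET /user/info?id=7 HTTP/1.1" 403 0 "-" "python-requests/2.31"
192.0.2.9 - carol [10/Oct/2024:14:10:01 +0000] "GET /user/info?id=8 HTTP/1.1" 403 0 "-" "python-requests/2.31"
192.0.2.9 - carol [10/Oct/2024:14:10:02 +0000] "GET /user/info?id=9 HTTP/1.1" 403 0 "-" "python-requests/2.31"
192.0.2.9 - carol [10/Oct/2024:14:10:03 +0000] "GET /user/info?id=10 HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""


def parse_line(line: str):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    idm = ID_RE.search(m["path"])
    return {
        "ip": m["ip"],
        "user": m["user"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
        "id": int(idm.group(1)) if idm else None,
    }


def find_id_enumeration(lines, window=timedelta(seconds=60),
                        distinct_threshold=5, denied_threshold=3):
    """Flag clients that touch many distinct ids within one time window, and
    clients that accumulate repeated 401/403 responses on id-bearing requests."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["id"] is not None:
            events[ev["ip"]].append(ev)

    alerts = []
    for ip, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding window anchored at each request: most distinct ids seen
        # within `window` of that request.
        peak_distinct = 0
        for i, anchor in enumerate(evs):
            ids = {e["id"] for e in evs[i:] if e["ts"] - anchor["ts"] <= window}
            peak_distinct = max(peak_distinct, len(ids))
        if peak_distinct >= distinct_threshold:
            alerts.append({"ip": ip, "reason": "id_enumeration", "count": peak_distinct})

        denied = sum(1 for e in evs if e["status"] in (401, 403))
        if denied >= denied_threshold:
            alerts.append({"ip": ip, "reason": "repeated_denials", "count": denied})
    return alerts


if __name__ == "__main__":
    for alert in find_id_enumeration(SAMPLE_LOG.splitlines()):
        print(alert)
```

On an unpatched install the enumeration rule is the one that matters, because the vulnerable handler answers every id with 200 and never produces the denials the second rule looks for; the denial rule only becomes useful once the access control workaround or a WAF rule is in place. Tune the window and thresholds to the application's normal per-user request rate before alerting on them.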
