CVE-2024-4358 – Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability

https://notcve.org/view.php?id=CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. En Progress Telerik Report Server, versión 2024 Q1 (10.0.24.305) o anterior, en IIS, un atacante no autenticado puede obtener acceso a la funcionalidad restringida de Telerik Report Server a través de una vulnerabilidad de omisión de autenticación. This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software Telerik Reporting. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Register method. The issue results from the lack of validating the current installation step. • https://github.com/verylazytech/CVE-2024-4358 https://github.com/RevoltSecurities/CVE-2024-4358 https://github.com/fa-rrel/CVE-2024-4358 https://github.com/sinsinology/CVE-2024-4358 https://github.com/Harydhk7/CVE-2024-4358 https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 • CWE-290: Authentication Bypass by Spoofing •