{"id":"CVE-2024-12125","summary":"3scale-porta: readonly fields not validated server-side","details":"A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.","modified":"2026-07-08T07:47:10.893869239Z","published":"2025-11-06T21:50:40.704Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12125.json","cna_assigner":"redhat","cwe_ids":["CWE-281"]},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://github.com/3scale/porta/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-12125"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12125.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12125"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330214"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/3scale/porta","events":[{"introduced":"0"},{"fixed":"626baa1cec3a65c7a9ed7f4dfc731d49548ba76a"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"3scale-2.16.0-GA"}]}}],"versions":["3scale-2.14.1-GA","2.14.1","3scale-test","3scale-2.12.2-GA","3scale-2.12.1-GA","3scale-2.12.0-GA","3scale-2.12-stable","3scale-2.12-dev","3scale-2.11.1-candidate","3scale-2.11.0-GA","3scale-2.10.0-ER2","3scale-2.10.0-ER1","3scale-2.8.0-ER2","3scale-2.8.0-ER1","3scale-2.7.0-CR1","3scale-2.7.0-ER2","3scale-2.7.0-ER1","3scale-2.6.0-ER2","3scale-2.6.0-ER1","3scale-2.5.0-CR1","3scale-2.5.0-ER1","3scale-2.4.0-CR1","3scale-2.4.0-DR1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12125.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}