PT-2025-32218 · Unknown · Vedo Suite
Description

Name of the Vulnerable Software and Affected Versions: Vedo Suite version 2024.17

Description: Vedo Suite 2024.17 is susceptible to an incorrect access control issue. This allows remote attackers to obtain a valid, high-privilege JWT (JSON Web Token) without authentication by sending an empty HTTP POST request to the /autologin/ API endpoint.

Recommendations: Vedo Suite version 2024.17: Implement proper authentication and authorization checks for the /autologin/ API endpoint to prevent unauthorized access and JWT token…
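A log-review check for the request pattern described above, as an added example that is not part of the advisory or of Vedo Suite: it flags empty, credential-less POSTs to /autologin/ that received a 2xx response. The JSON-lines log format and its field names (`src`, `uri`, `req_body_bytes`, `has_auth`, `status`) are assumptions, and the sample records are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample records; the JSON-lines layout and field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2025-01-01T10:00:00Z","src":"198.51.100.7","method":"POST","uri":"/autologin/","req_body_bytes":0,"has_auth":false,"status":200}
{"ts":"2025-01-01T10:00:05Z","src":"198.51.100.7","method":"POST","uri":"/autologin","req_body_bytes":0,"has_auth":false,"status":200}
{"ts":"2025-01-01T10:01:00Z","src":"192.0.2.10","method":"POST","uri":"/autologin/","req_body_bytes":0,"has_auth":false,"status":401}
{"ts":"2025-01-01T10:02:00Z","src":"192.0.2.20","method":"GET","uri":"/autologin/","req_body_bytes":0,"has_auth":false,"status":405}
{"ts":"2025-01-01T10:03:00Z","src":"192.0.2.30","method":"POST","uri":"/login/","req_body_bytes":48,"has_auth":false,"status":200}
not json at all
"""

def is_autologin(uri):
    """True when the request path is /autologin, ignoring a trailing slash or query string."""
    return urlsplit(uri).path.rstrip("/") == "/autologin"

def find_unauthenticated_autologin(log_text):
    """Return records matching the advisory's pattern: empty POST, no credentials, 2xx reply."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(rec, dict):
            continue
        if (str(rec.get("method", "")).upper() == "POST"
                and is_autologin(str(rec.get("uri", "")))
                and rec.get("req_body_bytes", 0) == 0
                and not rec.get("has_auth", False)
                and 200 <= rec.get("status", 0) < 300):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count matching requests per source address for triage."""
    counts = {}
    for rec in hits:
        counts[rec["src"]] = counts.get(rec["src"], 0) + 1
    return counts

if __name__ == "__main__":
    for src, n in summarize(find_unauthenticated_autologin(SAMPLE_LOG)).items():
        print(f"{src}: {n} empty unauthenticated POST(s) to /autologin/ answered with 2xx")
```

A 401 or 403 on the same request, as in the third sample record, is what a deployment with authentication enforced on the endpoint would be expected to log.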
