cvedb.io
CVE-2024-52008
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2024-11-26T19:15:29.583 · Last modified 2026-06-17T08:06:47.590

Summary

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the creation of accounts with passwords as short as a single character. When an email messaging provider is enabled and a new user account is created in the system, an invite email containing a special link is sent to the new user's email address. This link directs the new user to a page where they can set their initial password. While the user interface implements password complexity checks, these validations are only performed client-side. The underlying `
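The gap the summary describes is a policy enforced only in the browser. The following is an added illustration, not Fides's own code or API: a hypothetical invite-acceptance handler shown in the vulnerable form (server trusts the client) beside a hardened form that re-checks the password policy server-side. The policy thresholds are constructed assumptions, not the values Fides uses.

```python
import re
from dataclasses import dataclass, field

# Constructed policy; the real Fides requirements are not stated on this page.
MIN_LENGTH = 12

_RULES = [
    (lambda p: len(p) >= MIN_LENGTH, f"at least {MIN_LENGTH} characters"),
    (lambda p: re.search(r"[A-Z]", p) is not None, "an uppercase letter"),
    (lambda p: re.search(r"[a-z]", p) is not None, "a lowercase letter"),
    (lambda p: re.search(r"\d", p) is not None, "a digit"),
    (lambda p: re.search(r"[^A-Za-z0-9]", p) is not None, "a symbol"),
]


def password_policy_violations(password: str) -> list[str]:
    """Return the rules the password fails; an empty list means it complies."""
    return [msg for check, msg in _RULES if not check(password)]


@dataclass
class InviteAcceptResult:
    ok: bool
    errors: list[str] = field(default_factory=list)


def accept_invite_vulnerable(token: str, password: str,
                             pending: set, users: dict) -> InviteAcceptResult:
    """The pattern in the advisory: the server assumes the UI already validated."""
    if token not in pending:
        return InviteAcceptResult(False, ["unknown or expired invite"])
    pending.discard(token)
    users[token] = {"password_set": True}  # even a one-character password lands here
    return InviteAcceptResult(True)


def accept_invite_hardened(token: str, password: str,
                           pending: set, users: dict) -> InviteAcceptResult:
    """Same endpoint with the policy enforced on the server, whatever the client sent."""
    if token not in pending:
        return InviteAcceptResult(False, ["unknown or expired invite"])
    errors = password_policy_violations(password)
    if errors:
        return InviteAcceptResult(False, errors)  # invite stays valid for a retry
    pending.discard(token)
    users[token] = {"password_set": True}  # hashing omitted for brevity
    return InviteAcceptResult(True)
```

The vulnerable handler accepts "a" for a valid token; the hardened one rejects it with the list of unmet rules and leaves the invite usable.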

Affected products

ethyca — fides

