CVE-2024-50671
Incorrect access control in Adapt Authoring Tool
An incorrect access control vulnerability in Adapt Authoring Tool 0.11.3 and prior allows attackers with Authenticated User roles to obtain email addresses via the Get users feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles.
Disclosure Date
2024/11/24
Credit
Eui Chul Chung
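
The class of flaw described above, as an added example that is not Adapt Authoring Tool's own code: a wildcard grant check that lets an Authenticated User reach a Super Admin endpoint, next to a hardened check. All routes, role names and grant strings here are constructed assumptions.

```javascript
// Added illustration. Routes, roles and grant strings are constructed for this
// example and are not taken from Adapt Authoring Tool's source.
const GRANTS = {
  // '/api/user/*' is meant to cover own-profile routes such as '/api/user/me'.
  authenticated: ['/api/content/*', '/api/user/*'],
  superadmin: ['/api/content/*', '/api/user/*'],
};
// Endpoints that must stay Super Admin only, whatever the wildcard grants say.
const SUPERADMIN_ONLY = ['/api/user/list'];

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Compile a grant pattern, replacing each '*' with the given regex fragment.
const compile = (pattern, star) =>
  new RegExp('^' + pattern.split('*').map(escapeRe).join(star) + '$');

// Flawed check: '*' becomes '.*' and nothing marks restricted endpoints,
// so any wildcard grant covering the path prefix wins.
function isAllowedFlawed(role, url) {
  return (GRANTS[role] || []).some((p) => compile(p, '.*').test(url));
}

// Hardened check: restricted endpoints are evaluated first and require the
// superadmin role; '*' is limited to a single path segment; the query string
// is stripped before matching.
function isAllowedHardened(role, url) {
  const path = url.split('?')[0];
  if (SUPERADMIN_ONLY.includes(path)) return role === 'superadmin';
  return (GRANTS[role] || []).some((p) => compile(p, '[^/]+').test(path));
}
```

A regression test that requests every Super Admin endpoint with an Authenticated User session and expects a denial catches this kind of over-broad grant before release.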