CVE-2024-48463

Published Nov 4, 2024

Last updated 4 months ago

CVSS medium 6.5

Overview

Description
Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-601

Social media

Hype score
Not currently trending

  1. CVE-2024-48463 Unvalidated URL Handling Vulnerability in Bruno's Markdown Viewer Bruno versions before 1.29.1 have a flaw. They use Electron's shell.openExternal function. This function does not properly check ht... https://t.co/0LSHIGvfpa

    @VulmonFeeds

    5 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-48463 Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer. https://t.co/KhxQDSRXqp

    @CVEnew

    4 Nov 2024

    484 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.