CVE-2024-51381

Published Nov 5, 2024

Last updated 11 days ago

Overview

Description: Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.4
Impact score: 6
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-352

Hype score: Not currently trending

CVE-2024-51381 Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin account… https://t.co/M8QuDixPw5
@CVEnew
5 Nov 2024
435 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References