CVE-2024-56311
Published Dec 22, 2024
Last updated a month ago
- Description
- REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-352
CVE-2024-56311 (CVSS:8.8, HIGH) is Awaiting Analysis. REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Reques.. https://t.co/PGhMFkVIeG #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
27 Dec 2024
CVE-2024-56311 CSRF Attack Vulnerability in REDCap Calendar Events Note Section REDCap, up to version 15.0.0, has a security flaw in the Calendar section's Notes. It exposes users to a Cross-Site Request Forgery ... https://t.co/S7jDbutKtl
@VulmonFeeds
22 Dec 2024
CVE-2024-56311 REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can explo… https://t.co/a174QafZJp
@CVEnew
22 Dec 2024