CVE-2024-51381

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-05 19:15

Updated : 2024-11-06 18:17

NVD link : CVE-2024-51381

Mitre link : CVE-2024-51381

CVE.ORG link : CVE-2024-51381

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.4 /10