CVE-2024-51381

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jatos:jatos:3.9.3:*:*:*:*:*:*:*

History

24 Jun 2025, 13:20

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jatos:jatos:3.9.3:::::::*
First Time		Jatos Jatos jatos
References	~~() https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be -~~	() https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be - Exploit, Third Party Advisory

Information

Published : 2024-11-05 19:15

Updated : 2025-06-24 13:20

NVD link : CVE-2024-51381

Mitre link : CVE-2024-51381

CVE.ORG link : CVE-2024-51381

JSON object : View

Products Affected

jatos

jatos

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.4 /10