CVE-2024-2232

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 5, 2024

Updated: Aug 7, 2024

CWE ID 918

Summary

CVE-2024-2232 is a newly disclosed vulnerability affecting a specific application. This issue stems from the absence of Cross-Site Request Forgery (CSRF) protections. Consequently, an unauthenticated attacker can manipulate invitations, enabling them to add any user to any group, including private ones. This vulnerability poses a significant risk as it bypasses access controls, potentially leading to unauthorized group memberships and sensitive data exposure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uE8la3
https://www.cve.org/CVERecord?id=CVE-2024-2232
https://nvd.nist.gov/vuln/detail/CVE-2024-2232

Back to Vulnerability Database

CVE-2024-2232

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations