CVE-2024-2196

Exploit

EPSS 0.74%
Veröffentlicht 10.04.2024 17:15:54
Zuletzt bearbeitet 29.07.2025 20:27:43
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aimstack ≫ Aim Version3.17.5 SwPlatformpython

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.74%	0.72

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://huntr.com/bounties/e141e3f2-afbb-405f-a891-f66628c8b68f

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-2196

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2196

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2196

EUVD