exploitDog

CVE-2024-23734

Опубликовано: 10 апр. 2024

Источник: nvd

CVSS3: 5.2

EPSS Низкий

Описание

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link.

Ссылки

https://help.savignano.net/snotify-email-encryption/sa-2023-11-28
Vendor Advisory
https://help.savignano.net/snotify-email-encryption/security-advisories
Vendor Advisory
https://help.savignano.net/snotify-email-encryption/sa-2023-11-28
Vendor Advisory
https://help.savignano.net/snotify-email-encryption/security-advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:savignano:s-notify:*:*:*:*:*:bitbucket:*:*

Версия до 2.0.1 (исключая)

EPSS

Процентиль: 39%

0.00169

Низкий

5.2 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-6cq5-38vf-h3g2

CVSS3: 5.2

github

почти 2 года назад

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link.

EPSS

Процентиль: 39%

0.00169

Низкий

5.2 Medium

CVSS3

Дефекты

CWE-352