exploitDog

CVE-2024-28216

Опубликовано: 07 мар. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

Ссылки

https://cve.naver.com/detail/cve-2024-28216.html
Vendor Advisory
https://cve.naver.com/detail/cve-2024-28216.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*

Версия до 3.5.9 (исключая)

EPSS

Процентиль: 50%

0.00264

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-wcmh-ghjh-4j2h

CVSS3: 5.4

github

почти 2 года назад

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

EPSS

Процентиль: 50%

0.00264

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-862

CWE-862