CVE-2024-11023
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Nov 18, 2024
CWE ID 79
Summary
CVE-2024-11023 is a vulnerability affecting the Firebase JavaScript SDK. The SDK uses a "FIREBASE_DEFAULTS" cookie to store configuration data, including a "_authTokenSyncURL" field for session synchronization. An attacker who is able to set this field can point the URL at their own server, so that user session data is redirected there, allowing unauthorized access to user information. It is recommended to upgrade the Firebase JavaScript SDK to at least version 10.9.0 to mitigate this risk.
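A defender-side check for the condition described in the summary, as an added example that is not part of this advisory or of the Firebase SDK: it audits a Cookie header (Node.js) for a defaults cookie whose "_authTokenSyncURL" resolves to a different origin than the application. It assumes the cookie value is base64-encoded JSON and that the name may carry surrounding double underscores; `auditFirebaseDefaults`, `encodeDefaults` and the sample hosts are hypothetical.

```javascript
// Added example, not Firebase SDK code. Assumption: the cookie value is
// base64-encoded JSON; the name is matched with or without "__" around it.
const COOKIE_RE = /(?:^|;\s*)(?:__)?FIREBASE_DEFAULTS(?:__)?=([^;]+)/;

// Returns {status: "absent" | "malformed" | "ok" | "suspicious", reason?}.
function auditFirebaseDefaults(cookieHeader, appOrigin) {
  const m = COOKIE_RE.exec(cookieHeader || "");
  if (!m) return { status: "absent" };

  let defaults;
  try {
    const raw = decodeURIComponent(m[1]);
    defaults = JSON.parse(Buffer.from(raw, "base64").toString("utf8"));
  } catch {
    return { status: "malformed" };
  }
  if (defaults === null || typeof defaults !== "object") {
    return { status: "malformed" };
  }

  const syncUrl = defaults._authTokenSyncURL;
  if (syncUrl === undefined) return { status: "ok" };
  if (typeof syncUrl !== "string") {
    return { status: "suspicious", reason: "non-string value" };
  }

  // Resolve relative values against the app origin, then compare origins.
  let resolved;
  try {
    resolved = new URL(syncUrl, appOrigin);
  } catch {
    return { status: "suspicious", reason: "unparseable URL" };
  }
  if (resolved.origin !== new URL(appOrigin).origin) {
    return { status: "suspicious", reason: "cross-origin: " + resolved.origin };
  }
  return { status: "ok" };
}

// Constructed sample cookies (hosts are placeholders).
const encodeDefaults = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64");
const APP = "https://app.example";
const samples = [
  "sid=1; FIREBASE_DEFAULTS=" + encodeDefaults({ _authTokenSyncURL: "/__sync" }),
  "FIREBASE_DEFAULTS=" + encodeDefaults({ _authTokenSyncURL: "https://collector.invalid/s" }),
  "__FIREBASE_DEFAULTS__=" + encodeDefaults({ _authTokenSyncURL: "//collector.invalid/s" }),
];
for (const c of samples) console.log(auditFirebaseDefaults(c, APP));
```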
Affected Products
- Java 1.8
Affected Vendors
- Oracle Corp