CVE-2024-2232
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Aug 5, 2024
Updated: Aug 7, 2024
CWE ID 918
Summary
CVE-2024-2232 is a newly disclosed vulnerability affecting a specific application. This issue stems from the absence of Cross-Site Request Forgery (CSRF) protections. Consequently, an unauthenticated attacker can manipulate invitations, enabling them to add any user to any group, including private ones. This vulnerability poses a significant risk as it bypasses access controls, potentially leading to unauthorized group memberships and sensitive data exposure.