CVE-2024-32034

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Sep 16, 2024
Updated: Sep 20, 2024
CWE ID 79

Summary

CVE-2024-32034 is a vulnerability in Decidim, an open-source platform for participatory democracy. It is a Cross-site Scripting (XSS) issue that can be triggered when an admin assigns a valuator to a proposal, or performs any other action that produces an admin activity log entry referencing crafted resources. Affected versions are Decidim releases prior to 0.27.7 and 0.28.2. To mitigate the vulnerability, users are advised to upgrade to those versions or later; where upgrading is not possible, the /admin and /admin/logs pages should be redirected to prevent unauthorized access. The vulnerability is rated medium severity with high confidentiality impact because of the potential for unauthorized data exposure; exploitation is over the network and requires low privileges and user interaction.

