CVE-2024-41290

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 2, 2024

Updated: Oct 4, 2024

CWE ID 315

Summary

CVE-2024-41290 is a vulnerability affecting FlatPress CMS version 1.3.1. The issue lies in the way authentication data is stored in cookies. Instead of employing secure methods, the application uses insecure techniques, putting user credentials at risk if intercepted by an attacker. This could lead to unauthorized access to user accounts and potential data breaches. It is crucial that users update their FlatPress installation to a more secure version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Affected Vendors

Pluck -

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xFNY6j
https://www.cve.org/CVERecord?id=CVE-2024-41290
https://nvd.nist.gov/vuln/detail/CVE-2024-41290

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners