CVE-2024-45522

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Sep 2, 2024
Updated: Sep 5, 2024
CWE ID 284

Summary

CVE-2024-45522 is a critical vulnerability affecting the Linen application prior to commit cd37c3e, where it fails to verify that the domain is either linen.dev or www.linen.dev during password reset processes. This flaw, categorized under CWE-284 (Improper Access Control), poses significant risks as it allows unauthorized access to user accounts without requiring any privileges or user interaction, leading to high confidentiality and integrity impacts. The vulnerability has an exploitability score of 3.9 and a base severity rating of 9.1, highlighting its critical nature. To remediate this issue, users should apply the patch available in the referenced GitHub commit. Organizations using the affected service are advised to implement this patch promptly to prevent potential account compromise and data breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-45522 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions