CVE-2024-45854
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-45854 is a deserialization-of-untrusted-data vulnerability in the MindsDB platform, reported as affecting versions 23.10.3.0 and newer. An attacker who can upload a malicious 'inhouse' model gets arbitrary code execution on the server: the model is deserialized when it is interacted with, and a 'describe' query against it is enough to trigger that load. The source catalogues the affected MindsDB builds under its own entries (yZDbPt, yZDbPs and uCRMb0, among others). Under CVSS 3.1 the issue carries a base score of 7.5 (high), with high impact on confidentiality, integrity and availability and an exploitability subscore of 1.6; the severity comes from the impact side, since code running inside the MindsDB server process can read data, alter results and take the service down. The fix is to upgrade to a patched MindsDB release. Until that is done, treat every uploaded model artifact as executable code: restrict who may upload inhouse models and do not describe or otherwise load models from sources you do not control.
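The mechanism behind this class of bug, shown as an added example that is not MindsDB's code. The advisory does not say which serialization format the inhouse model loader uses; Python pickle is assumed here because it is the usual culprit behind "deserialization of untrusted data" in Python ML platforms. `MaliciousModel`, `os.getcwd` (standing in for a harmful callable such as `os.system`), the allowlist in `ALLOWED_GLOBALS` and the hypothetical `SIGNING_KEY` are all assumptions of this example. The "describe" step from the advisory corresponds to the loader call: the naive loader runs the attacker's callable, the restricted unpickler refuses to resolve it, and the signed loader never hands foreign bytes to pickle at all.

```python
import hashlib
import hmac
import io
import os
import pickle

# Constructed sample of a harmless model artifact: plain containers and numbers,
# which pickle encodes without any GLOBAL opcode, so nothing is imported on load.
BENIGN_MODEL = {"weights": [0.1, 0.2, 0.3], "bias": 0.05, "name": "demo"}


class MaliciousModel:
    """Stand-in for a crafted 'inhouse' model upload (assumed shape, not MindsDB's).

    pickle honours __reduce__: on load it imports the named callable and calls it
    with the given arguments. os.getcwd is a harmless stand-in for os.system;
    the point is that the server's loader, not the attacker, executes the call.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def build_benign_upload() -> bytes:
    return pickle.dumps(BENIGN_MODEL)


def build_malicious_upload() -> bytes:
    return pickle.dumps(MaliciousModel())


def unsafe_load(blob: bytes):
    """Vulnerable pattern: deserialize whatever was uploaded."""
    return pickle.loads(blob)


# Hardening 1: an unpickler that refuses to resolve any global outside an allowlist.
# Artifacts built only from plain Python containers never reach find_class at all.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "float"),
    ("builtins", "int"),
    ("builtins", "str"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global during load: {module}.{name}")


def safe_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


# Hardening 2: only load artifacts the server itself produced, checked by an HMAC
# over the serialized bytes before any deserialization. SIGNING_KEY is hypothetical.
SIGNING_KEY = b"hypothetical-server-side-secret"


def sign_artifact(blob: bytes, key: bytes = SIGNING_KEY) -> bytes:
    return hmac.new(key, blob, hashlib.sha256).digest()


def load_signed(blob: bytes, tag: bytes, key: bytes = SIGNING_KEY):
    if not hmac.compare_digest(sign_artifact(blob, key), tag):
        raise ValueError("artifact signature mismatch; refusing to deserialize")
    return safe_load(blob)


def run_demo() -> dict:
    """Exercise the three loaders against both uploads and report what happened."""
    benign, malicious = build_benign_upload(), build_malicious_upload()
    results = {}
    # The naive loader executes the attacker's callable; its return value proves it ran.
    results["unsafe_ran_callable"] = unsafe_load(malicious) == os.getcwd()
    results["unsafe_benign_ok"] = unsafe_load(benign) == BENIGN_MODEL
    try:
        safe_load(malicious)
        results["restricted_blocked"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True
    results["restricted_benign_ok"] = safe_load(benign) == BENIGN_MODEL
    # Bytes signed under any key but the server's never reach the unpickler.
    try:
        load_signed(malicious, sign_artifact(malicious, b"attacker-key"))
        results["signed_rejected_foreign"] = False
    except ValueError:
        results["signed_rejected_foreign"] = True
    results["signed_benign_ok"] = load_signed(benign, sign_artifact(benign)) == BENIGN_MODEL
    return results


if __name__ == "__main__":
    for check, outcome in run_demo().items():
        print(f"{check}: {outcome}")
```

The allowlist is a mitigation, not a cure: any class that has to be resolved through `find_class` becomes a candidate gadget, so the list must stay tiny and the signature check is the control that actually removes untrusted bytes from the pickle path.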