CVE-2024-45856

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 12, 2024
Updated: Sep 16, 2024
CWE ID 79

Summary

CVE-2024-45856 is a cross-site scripting (XSS) vulnerability affecting all versions of the MindsDB platform. It allows attackers to execute JavaScript payloads when users enumerate components such as ML Engines, databases, projects, or datasets within the web UI. Potential impact includes unauthorized data manipulation and exposure of sensitive information; exploitation requires user interaction. To remediate this issue, users should apply any available patches and validate input to prevent arbitrary code execution. The severity of this vulnerability is rated as medium, with a CVSS base score of 5.4 and low impact on confidentiality and integrity.
