CVE-2024-48033

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 11, 2024
CWE ID 502

Summary

CVE-2024-48033 is a critical vulnerability in the Talkback plugin by Elie Burstein and Baptiste Gourdin, affecting versions up to 1.0. The plugin deserializes untrusted data, which allows object injection attacks and can severely compromise both confidentiality and integrity within an organization. The attack vector is network-based and requires neither user interaction nor special privileges, making it relatively easy to exploit. To remediate this issue, users are advised to update the Talkback plugin to the latest version available, as outlined in security advisories like those from Patchstack. If exploited, this vulnerability poses significant risks, including unauthorized access and potential system disruption, consistent with its high availability impact score.
