CVE-2024-52872

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 17, 2024
Updated: Nov 18, 2024
CWE ID 275

Summary

CVE-2024-52872 is a recently disclosed vulnerability affecting Flagsmith before version 2.134.1. The issue lies in the get_document endpoint, which fails to enforce proper permissions. An unauthorized user may exploit it to access documents they should not be able to reach, potentially leading to data leakage or other malicious activities. Flagsmith operators are urged to apply the necessary patches to mitigate this risk. Users should also review access controls and ensure that only authorized individuals have access to sensitive data.
