CVE-2024-54408

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54408 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Youtube Video Grid, from n/a through 1.9. Maliciously crafted requests could exploit inadequately configured access control security levels, allowing attackers to manipulate user actions and potentially gain unauthorized access to sensitive information or perform unwanted actions on behalf of the user. This issue poses a significant risk to users of the Youtube Video Grid and highlights the importance of implementing robust CSRF protection mechanisms to safeguard against such attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KJ1-h
https://www.cve.org/CVERecord?id=CVE-2024-54408
https://nvd.nist.gov/vuln/detail/CVE-2024-54408

Back to Vulnerability Database

CVE-2024-54408

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations