CVE-2024-56005

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-56005 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability that affects the Posti Shipping software, version n/a through 3.10.3. This issue permits an attacker to trick a user into making unintended actions on a web application, such as changing account settings or transferring funds, by making unauthorized requests on behalf of the user. The attacker must have prior knowledge of the victim's session cookie, which can be obtained through various means. Successful exploitation of this vulnerability could lead to significant data loss or unauthorized access. Users are advised to upgrade to the latest version of Posti Shipping or implement suitable CSRF countermeasures to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database