CVE-2024-8412

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 601

Summary

CVE-2024-8412 is a vulnerability identified in the LinuxOSsk Shakal-NG software up to version 1.3.3, specifically in the comments/views.py file, which allows for an open redirect through manipulation of the 'next' argument. This issue can be exploited remotely, posing a medium-level threat with a CVSS score of 4.3. Affected products include yZIGXI, yZIDMA, yZIGXJ, and yZIyDw. To remediate the vulnerability, it is advised to apply the patch identified by commit ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. If left unaddressed, this vulnerability could lead to potential integrity issues within an organization's systems due to unauthorized redirection risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share