CVE-2024-8489

Summary

CVE-2024-8489 is a newly discovered vulnerability impacting the AgentScope Studio backend server in modelscope/agentscope. The issue stems from overly permissive CORS headers, which enable Cross-Site Request Forgery (CSRF) attacks. An attacker successfully exploiting this vulnerability can gain access to all backend endpoints, including the sensitive `api/file` endpoint. This allows the attacker to read arbitrary files on the target's local file system through CSRF attacks. The vulnerability affects the latest commit on the main branch (21161fe). Organizations using AgentScope Studio are advised to address this issue promptly to prevent potential data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.