CVE-2024-9710
CVSS 3.0 Score 7.1 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 918
Summary
CVE-2024-9710 is a Server-Side Request Forgery (SSRF) vulnerability affecting PostHog's database_schema feature. This issue allows remote attackers to disclose sensitive information by bypassing proper URI validation. Authentication is necessary to exploit this flaw. The vulnerability could potentially allow an attacker to execute code in the context of the service account. This vulnerability, originally identified as ZDI-CAN-25351, underscores the importance of input validation in preventing unauthorized access and potential data leaks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share