CVE-2024-9710

CVSS 3.0 Score 7.1 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 918

Summary

CVE-2024-9710 is a Server-Side Request Forgery (SSRF) vulnerability in PostHog's database_schema feature. It allows remote attackers to disclose sensitive information by bypassing URI validation. Authentication is required to exploit this flaw. An attacker could potentially leverage the vulnerability to execute code in the context of the service account. The vulnerability, originally identified as ZDI-CAN-25351, underscores the importance of input validation in preventing unauthorized access and data leaks.
