Lucene search

K
cve[email protected]CVE-2024-1143
HistoryFeb 02, 2024 - 6:15 a.m.

CVE-2024-1143

2024-02-0206:15:45
CWE-79
web.nvd.nist.gov
17
cve
2024
1143
central dogma
xss
vulnerability
session leakage
authentication bypass
nvd

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

17.0%

Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.

Affected configurations

NVD
Node
linecorpcentral_dogmaRange<0.64.1

CNA Affected

[
  {
    "vendor": "LINE Corporation",
    "product": "Central Dogma",
    "versions": [
      {
        "version": "0.63.3",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "0.64.1"
      }
    ]
  }
]

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

17.0%