CVE-2024-23736

2024-07-0122:15:02

[email protected]

web.nvd.nist.gov

cross site request forgery

csrf

s/notify

confluence

s/mime certificate

pgp key

vulnerability

manipulation

malicious link

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user’s S/MIME certificate of PGP key via malicious link or email.

References

help.savignano.net/snotify-email-encryption/sa-2023-11-28#SA-2023-11-28-CSRFbasedvulnerabilityinuserupload