Lucene search
MitreCVE-2024-29401HistoryMar 26, 2024 - 3:15 p.m.
CVE-2024-29401
2024-03-2615:15:49
CWE-613
mitre
web.nvd.nist.gov
29
xzs-mysql
vulnerability
insufficient session expiration
attackers
deleted admin
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
9.0%
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.
Related
nvd
nvd
CVE-2024-29401
2024-03-26 15:15:49
cvelist
cvelist
CVE-2024-29401
2024-03-26 00:00:00
vulnrichment
vulnrichment
CVE-2024-29401
2024-03-26 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2024-29401