CVE-2024-35710

2024-06-0814:15:09

CWE-200

[email protected]

web.nvd.nist.gov

cve-2024-35710

podlove web player

sensitive information exposure

unauthorized actor

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3.

Affected configurations

Vulners

Node

podlovepodlove_podcast_publisherRange≤5.7.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "podlove-web-player",
    "product": "Podlove Web Player",
    "vendor": "Podlove",
    "versions": [
      {
        "changes": [
          {
            "at": "5.7.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.7.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]