Lucene search

CVE-2024-7297

🗓️ 30 Jul 2024 17:14:15Reported by tenableType

cve🔗 web.nvd.nist.gov👁 47 Views🌐 WEB

Langflow Privilege Escalation CVE-2024-7297 vulnerabilit

Reporter	Title	Published	Views	Family All 5
Vulnrichment	CVE-2024-7297 Langflow Privilege Escalation	30 Jul 202416:13	–	vulnrichment
Cvelist	CVE-2024-7297 Langflow Privilege Escalation	30 Jul 202416:13	–	cvelist
NVD	CVE-2024-7297	30 Jul 202417:15	–	nvd
RedhatCVE	CVE-2024-7297	5 Feb 202511:50	–	redhatcve
Veracode	Privilege Escalation	1 Aug 202405:57	–	veracode

[
  {
    "collectionURL": "https://pypi.python.org",
    "defaultStatus": "unaffected",
    "packageName": "langflow",
    "repo": "https://github.com/langflow-ai/langflow",
    "versions": [
      {
        "lessThan": "1.0.13",
        "status": "affected",
        "version": "0",
        "versionType": "python"
      }
    ]
  }
]

Source	Link
tenable	www.tenable.com/security/research/tra-2024-26

Parameter	Position	Path	Description	CWE
	request body	/api/v1/users	Privilege Escalation vulnerability allowing low privileged attackers to gain super admin privileges through mass assignment.	CWE-913

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Jul 2024 17:15Current

8.7High risk

Vulners AI Score8.7

CVSS38.8

EPSS0.00043

SSVC

CWE-913