Lucene search

[email protected]NVD:CVE-2024-37830

HistoryJul 09, 2024 - 8:15 p.m.

CVE-2024-37830

2024-07-0920:15:11

CWE-601

[email protected]

web.nvd.nist.gov

outline v0.76.1

redirect

vulnerability

intercepting

state cookie

malicious site

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

16.8%

JSON

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.

Affected configurations

Nvd

Node

getoutlineoutlineRange≤0.76.1

VendorProductVersionCPE
getoutlineoutline*cpe:2.3:a:getoutline:outline:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
getoutline	outline	*	cpe:2.3:a:getoutline:outline::::::::

References

github.com/sysentr0py/CVEs/tree/main/CVE-2024-37830

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

16.8%

JSON

Related for NVD:CVE-2024-37830

cvelist1 vulnrichment1 cve1