Lucene search

[email protected]NVD:CVE-2024-38164

HistoryJul 23, 2024 - 10:15 p.m.

CVE-2024-38164

2024-07-2322:15:08

CWE-284

[email protected]

web.nvd.nist.gov

improper access control

groupme

unauthenticated attacker

privilege elevation

malicious link

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.1%

JSON

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.

Affected configurations

Nvd

Node

microsoftgroupmeMatch-

VendorProductVersionCPE
microsoftgroupme-cpe:2.3:a:microsoft:groupme:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	groupme	-	cpe:2.3:a:microsoft:groupme:-:::::::*

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.1%

JSON

Related for NVD:CVE-2024-38164

mscve1 vulnrichment1 cve1 cvelist1 kaspersky1