Lucene search

GoogleOSV:CVE-2024-47530

HistorySep 30, 2024 - 4:15 p.m.

CVE-2024-47530

2024-09-3016:15:09

Google

osv.dev

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.

References

github.com/Clinical-Genomics/scout/commit/50055edfca9a7183b248019af97e1fb0b0065a02

github.com/Clinical-Genomics/scout/security/advisories/GHSA-3x45-2m34-x95v

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Related for OSV:CVE-2024-47530