Lucene search

GoogleOSV:GO-2024-3118

HistorySep 06, 2024 - 8:43 p.m.

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

2024-09-0620:43:50

Google

osv.dev

windmill http request

users.rs

excessive authentication

github

windmill-labs

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

7.1

Confidence

Low

JSON

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

References

github.com/windmill-labs/windmill/commit/acfe7786152f036f2476f93ab5536571514fa9e3

github.com/windmill-labs/windmill/releases/tag/v1.390.1

nvd.nist.gov/vuln/detail/CVE-2024-8462

vuldb.com/?ctiid.276630

vuldb.com/?id.276630

vuldb.com/?submit.401826

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

7.1

Confidence

Low

JSON

Related for OSV:GO-2024-3118