Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.11 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

7.5CVSS5.4AI score0.00429EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.9 views

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3CVSS5.8AI score0.03919EPSS
Exploits2References1
NVD
NVD
added 2026/05/08 6:16 a.m.30 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

7.5CVSS0.00429EPSS
Exploits3References2
NVD
NVD
added 2026/05/08 6:16 a.m.21 views

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3CVSS0.03919EPSS
Exploits2References1
CVE
CVE
added 2026/05/08 12:0 a.m.31 views

CVE-2024-46508

CVE-2024-46508 affects yeti-platform yeti before 2.1.12. The issue allows an attacker to generate valid JWT tokens if YETI_AUTH_SECRET_KEY remains at the default SECRET. CVSS v3.1 base score 7.5 (High) with Network attack vector and no privileges required. Root cause: secret key used for JWT sign...

7.5CVSS5.8AI score0.03919EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Yeti Platform 信任管理问题漏洞

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 had a trust management vulnerability. This vulnerability occurred because allowing attackers to generate valid JWT tokens occurred without changing the...

7.5CVSS5.8AI score0.00429EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Yeti Platform 代码注入漏洞

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 contained a code injection vulnerability. This vulnerability stemmed from server-side template injection during the custom template export function, which could...

7.3CVSS6AI score0.03919EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/08 12:0 a.m.8 views

EUVD-2024-55570

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3CVSS6AI score0.03919EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.7 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

5.8AI score0.03919EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.9 views

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

6AI score0.03919EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.9 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

5.8AI score0.03919EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.7 views

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

6AI score0.03919EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/08 12:0 a.m.10 views

EUVD-2024-55571

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

7.5CVSS5.8AI score0.03919EPSS
Exploits3References1
CVE
CVE
added 2026/05/08 12:0 a.m.80 views

CVE-2024-46507

CVE-2024-46507: Yeti Platform prior to 2.1.12 contains a Server-Side Template Injection (SSTI) in the custom template export function that can lead to remote code execution on the application server. Exploitation requires valid credentials (authenticated user). Impact includes arbitrary command e...

7.3CVSS6AI score0.03919EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.51 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

0.00429EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.49 views

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

0.03919EPSS
Exploits2References1
OSV
OSV
added 2026/05/08 12:0 a.m.2 views

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

7.3CVSS7.4AI score0.03919EPSS
Exploits2References3
OSV
OSV
added 2026/05/08 12:0 a.m.3 views

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

7.5CVSS7.2AI score0.03919EPSS
Exploits3References4
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.103 views

Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE

The Yeti Platform " verified: true max-request: 4 tags: cve,cve2024,yeti,platform,ssti,rce,intrusive,vkev,vuln variables: username: "username" password: "password" http: - raw: - | POST /api/v2/auth/token HTTP/1.1 Host: Hostname Content-Type:...

7.3CVSS7.7AI score0.03919EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2025/02/04 12:0 a.m.11 views

The vulnerability of the YETI platform for collecting and analyzing data on cyber threats lies in the insufficient verification of input data. This allows a malicious actor to execute arbitrary code or carry out Server Side Template Injection (SSTI) attacks.

The vulnerability of the YETI platform for collecting and analyzing data on cyber threats is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or carry out Server Side Template Injection SSTI attacks...

9CVSS8.2AI score0.03919EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder