Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/02/13 4:5 p.m.7 views

CVE-2025-24897

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

8.2CVSS7.2AI score0.00132EPSS
Exploits0References1
nvd
nvd
added 2025/02/11 4:15 p.m.12 views

CVE-2025-24897

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

8.2CVSS0.00132EPSS
Exploits0References2
circl
circl
added 2025/02/11 3:40 p.m.8 views

CVE-2025-24897

creationtimestamp| type| source ---|---|--- 2025-02-11 15:40:15+00:00| seen| https://infosec.exchange/users/cve/statuses/113986005583376363 2025-02-11 16:17:09+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhw2o3s55w2a 2025-02-11 16:48:33+00:00| seen|...

8.2CVSS6.9AI score0.00132EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/02/11 3:20 p.m.20 views

CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

8.2CVSS8.4AI score0.00132EPSS
Exploits0References2
cvelist
cvelist
added 2025/02/11 3:20 p.m.25 views

CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

8.2CVSS0.00132EPSS
Exploits0References2
cve
cve
added 2025/02/11 3:20 p.m.101 views

CVE-2025-24897

Misskey CSRF vulnerability (CVE-2025-24897) affects Misskey versions 12.109.0 up to but not including 2025.2.0-alpha.0, due to CSRF protection gaps and insecure authentication cookie attributes in Bull dashboard. Some bull-board APIs can be driven into CSRF attacks, enabling potential manipulatio...

8.2CVSS8.5AI score0.00132EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder