CVE-2024-23734

2024-04-1000:00:00

mitre

github.com

cve-2024-23734

savignano s/notify

bitbucket

s/mime certificate

pgp keys

upload functionality

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link.

References

help.savignano.net/snotify-email-encryption/sa-2023-11-28

help.savignano.net/snotify-email-encryption/security-advisories