CVE-2024-24759

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*

History

06 Sep 2024, 13:06

Type Values Removed Values Added
CPE cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*
References () https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b - () https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b - Patch
References () https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr - () https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : 9.3
v2 : unknown
v3 : 9.1
First Time Mindsdb mindsdb
Mindsdb
Summary
  • (es) MindsDB es una plataforma para crear inteligencia artificial a partir de datos empresariales. Antes de la versión 23.12.4.2, un actor de amenazas podía eludir la protección contra falsificación de solicitudes del lado del servidor en todo el sitio web con DNS Rebinding. La vulnerabilidad también puede provocar una denegación de servicio. La versión 23.12.4.2 contiene un parche.

05 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-05 17:15

Updated : 2024-09-06 13:06


NVD link : CVE-2024-24759

Mitre link : CVE-2024-24759

CVE.ORG link : CVE-2024-24759


JSON object : View

Products Affected

mindsdb

  • mindsdb
CWE
CWE-918

Server-Side Request Forgery (SSRF)