MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
References
Link | Resource |
---|---|
https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b | Patch |
https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr | Exploit Vendor Advisory |
Configurations
History
06 Sep 2024, 13:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:* | |
References | () https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b - Patch | |
References | () https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
First Time |
Mindsdb mindsdb
Mindsdb |
|
Summary |
|
05 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-05 17:15
Updated : 2024-09-06 13:06
NVD link : CVE-2024-24759
Mitre link : CVE-2024-24759
CVE.ORG link : CVE-2024-24759
JSON object : View
Products Affected
mindsdb
- mindsdb
CWE
CWE-918
Server-Side Request Forgery (SSRF)