CVE-2024-51382

{"id": "CVE-2024-51382", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.7}]}, "published": "2024-11-05T19:15:07.640", "references": [{"url": "https://hacking-notes.medium.com/cve-2024-51382-jatos-v3-9-3-csrf-admin-password-reset-1adeff0386ed", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en JATOS v3.9.3 permite a un atacante restablecer la contrase\u00f1a del administrador. Este fallo de seguridad cr\u00edtica puede generar acceso no autorizado a la plataforma, lo que permite a los atacantes secuestrar cuentas de administrador y comprometer la integridad y seguridad del sistema."}], "lastModified": "2024-11-06T18:17:17.287", "sourceIdentifier": "cve@mitre.org"}