"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2024-06-26 01:00:32 +00:00 · 2024-06-26 01:00:32 +00:00 · 045de35b6e
commit 045de35b6e
parent 951e76d5cb
1 changed files with 72 additions and 4 deletions
--- a/2024/24xxx/CVE-2024-24764.json
+++ b/2024/24xxx/CVE-2024-24764.json
@ -1,17 +1,85 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-24764",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security-advisories@github.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema.  The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
+                        "cweId": "CWE-601"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "octobercms",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "october",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": ">= 3.2, < 3.5.15"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5",
+                "refsource": "MISC",
+                "name": "https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-v2vf-jv88-3fp5",
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "LOW",
+                "baseScore": 3.5,
+                "baseSeverity": "LOW",
+                "confidentialityImpact": "LOW",
+                "integrityImpact": "NONE",
+                "privilegesRequired": "HIGH",
+                "scope": "UNCHANGED",
+                "userInteraction": "REQUIRED",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
+                "version": "3.1"
            }
        ]
    }