mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
100 lines
3.5 KiB
JSON
100 lines
3.5 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-34074",
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
|
|
"cweId": "CWE-601"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "frappe",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "frappe",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": ">= 15.0.0, <= 15.25.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "<= 14.73.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/frappe/frappe/security/advisories/GHSA-7g27-q225-j894"
|
|
},
|
|
{
|
|
"url": "https://github.com/frappe/frappe/pull/26304",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/frappe/frappe/pull/26304"
|
|
},
|
|
{
|
|
"url": "https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/frappe/frappe/commit/65b3c42635038cdff17d3109be6c373bac004829"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-7g27-q225-j894",
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |