admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-493xx/CVE-2024-49379.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

90 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-49379",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-13T18:15:22.153",
"lastModified": "2024-11-21T17:15:20.587",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter the attacker provided JavaScript will be executed after the user entered their password and clicked on login. This vulnerability is fixed in 1.2.2."
},
{
"lang": "es",
"value": "Umbrel es un sistema operativo para servidores dom\u00e9sticos que se alojan en servidores propios. La funcionalidad de inicio de sesi\u00f3n de Umbrel anterior a la versi\u00f3n 1.2.2 contiene una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en use-auth.tsx. Un atacante puede especificar un par\u00e1metro de consulta de redireccionamiento malicioso para activar la vulnerabilidad. Si se pasa una URL de JavaScript al par\u00e1metro de redireccionamiento, el JavaScript proporcionado por el atacante se ejecutar\u00e1 despu\u00e9s de que el usuario ingrese su contrase\u00f1a y haga clic en iniciar sesi\u00f3n. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.2.2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/getumbrel/umbrel/commit/b83e3542650880bf1439419d00bf82285a7d2b22",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getumbrel/umbrel/releases/tag/1.2.2",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-164_Umbrel/",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink