CVE-2024-23734

Sažetak

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link.

Reference

https://help.savignano.net/snotify-email-encryption/sa-2023-11-28
https://help.savignano.net/snotify-email-encryption/security-advisories

CVSS

Base:	5.2
Impact:	4.2
Exploitability:	0.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

31-10-2024 - 16:35

Objavljeno

10-04-2024 - 16:15