Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2024-22416 First vendor Publication 2024-01-18
Vendor Cve Last vendor Modification 2024-01-29

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score 8.8
Base Score 8.8 Environmental Score 8.8
impact SubScore 5.9 Temporal Score 8.8
Exploitabality Sub Score 2.8
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction Required
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22416

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e
https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc
https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2024-01-29 21:27:39
  • Multiple Updates
2024-01-19 02:39:36
  • Multiple Updates
2024-01-19 02:39:35
  • Multiple Updates
2024-01-18 17:27:22
  • Multiple Updates
2024-01-18 05:27:21
  • First insertion