Description
A low-privileged remote attacker can get access to the CSRF tokens of higher-privileged users, which can be abused to mount CSRF attacks.
Reserved 2024-08-12 | Published 2024-09-10 | Updated 2024-09-10 | Assigner CERTVDE
MEDIUM: 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Problem types
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
Product status
Default status: unaffected
Any version before 10.4.1: affected
Default status: unaffected
Any version before 8.9.3: affected
Credits
Andrea Palanca (finder)
Nozomi Networks Security Research Team (reporter)
References
cert.vde.com/en/advisories/VDE-2024-039
cve.org (CVE-2024-7698)
nvd.nist.gov (CVE-2024-7698)