CVE-2024-10141
CVE-2024-10141
Título es
CVE-2024-10141
Sáb, 19/10/2024 – 15:15
Tipo
CWE-341
Gravedad v2.0
2.60
Gravedad 2.0 Txt
LOW
Título en
CVE-2024-10141
Descripción en
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
19/10/2024
19/10/2024
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector CVSS:2.0
AV:N/AC:H/Au:N/C:P/I:N/A:N
Gravedad 4.0
6.30
Gravedad 4.0 txt
MEDIUM
Gravedad 3.1 (CVSS 3.1 Base Score)
3.70
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW
Referencias
Enviar en el boletín
Off
