CVE-2024-29183

April 19, 2024, 4:19 p.m.

6.1
Medium

Description

OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account.

Product(s) Impacted

Product Versions
OpenRASP

Weaknesses

References

https://github.com/baidu/openrasp/commit/240fde3901c7a36aaade3683ffd5c89140a535fb
https://securitylab.github.com/advisories/GHSL-2023-253_openrasp

Tags

CVSS Score

6.1 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Date

  • Published: April 19, 2024, 4:15 p.m.
  • Last Modified: April 19, 2024, 4:19 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.