CVE-2024-52583
Nov. 19, 2024, 9:57 p.m.
8.2
High
Description
The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024.
Product(s) Impacted
| Product | Versions |
|---|---|
| WesHacks GitHub repository for Muweilah Wesgreen Hackathon website |
|
Weaknesses
CWE-494
Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Tags
CVSS Score
CVSS Data
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: CHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: LOW
- Availability Impact: NONE
View Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Date
- Published: Nov. 18, 2024, 9:15 p.m.
- Last Modified: Nov. 19, 2024, 9:57 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security-advisories@github.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.