Vulnerability Description
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vanderbilt | Redcap | <= 14.9.6 |
Related Weaknesses (CWE)
References
- https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCapExploitThird Party Advisory
- https://www.evms.edu/research/resources_services/redcap/redcap_change_log/Product
FAQ
What is CVE-2024-56310?
CVE-2024-56310 is a vulnerability with a CVSS score of 8.8 (HIGH). REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a ...
How severe is CVE-2024-56310?
CVE-2024-56310 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-56310?
Check the references section above for vendor advisories and patch information. Affected products include: Vanderbilt Redcap.