CVE-2024-9365 — MEDIUM (6.5)

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability includes potential data loss and service disruption.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Related Weaknesses (CWE)

CWE-352

References

https://huntr.com/bounties/cdfa012b-a694-4beb-9a9a-12a9dde07ef9

FAQ

What is CVE-2024-9365?

CVE-2024-9365 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, ...

How severe is CVE-2024-9365?

CVE-2024-9365 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-9365?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.