CVE-2024-47530

CVSS V2 None CVSS V3 None

Description

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.

Overview

CVE ID
CVE-2024-47530

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-09-30T15:17:39.731Z

Last Modified Date
2024-09-30T15:45:37.010Z

Weakness Enumerations

CWE	URL
CWE-601	http://cwe.mitre.org/data/definitions/601.html

References

Reference URL	Reference Tags
https://github.com/Clinical-Genomics/scout/security/advisories/GHSA-3x45-2m34-x95v	x_refsource_CONFIRM
https://github.com/Clinical-Genomics/scout/commit/50055edfca9a7183b248019af97e1fb0b0065a02	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-47530
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47530

History

Created	Old Value	New Value	Data Type	Notes
2024-10-06 20:03:30				Added to TrackCVE