CVE-2024-49379
CVSS V2 None
CVSS V3 None
Description
Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter, the attacker-provided JavaScript is executed after the user enters their password and clicks on login. This vulnerability is fixed in 1.2.2.
Overview
- CVE ID: CVE-2024-49379
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-11-13T17:18:47.547Z
- Last Modified Date: 2024-11-13T17:18:47.547Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://securitylab.github.com/advisories/GHSL-2024-164_Umbrel/ | x_refsource_CONFIRM |
https://github.com/getumbrel/umbrel/commit/b83e3542650880bf1439419d00bf82285a7d2b22 | x_refsource_MISC |
https://github.com/getumbrel/umbrel/releases/tag/1.2.2 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-49379 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49379 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-14 13:22:19 | | | | Added to TrackCVE |