{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8412", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-09-04T08:43:35.617Z", "datePublished": "2024-09-04T15:31:04.200Z", "dateUpdated": "2024-09-04T15:43:55.055Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-04T15:31:04.200Z"}, "title": "LinuxOSsk Shakal-NG views.py redirect", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "CWE-601 Open Redirect"}]}], "affected": [{"vendor": "LinuxOSsk", "product": "Shakal-NG", "versions": [{"version": "1.3.0", "status": "affected"}, {"version": "1.3.1", "status": "affected"}, {"version": "1.3.2", "status": "affected"}, {"version": "1.3.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in LinuxOSsk Shakal-NG bis 1.3.3 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei comments/views.py. Durch das Manipulieren des Arguments next mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als ebd1c2cba59cbac198bf2fd5a10565994d4f02cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-09-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-09-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-09-04T10:48:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "zihe (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.276492", "name": "VDB-276492 | LinuxOSsk Shakal-NG views.py redirect", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.276492", "name": "VDB-276492 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.400792", "name": "Submit #400792 | LinuxOSsk Shakal-NG 1.3.3 Open Redirect", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202", "tags": ["issue-tracking"]}, {"url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202#issuecomment-2325187434", "tags": ["issue-tracking"]}, {"url": "https://github.com/LinuxOSsk/Shakal-NG/commit/ebd1c2cba59cbac198bf2fd5a10565994d4f02cb", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T15:43:41.630977Z", "id": "CVE-2024-8412", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T15:43:55.055Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8412", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T15:43:41.630977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T15:43:50.538Z"}}], "cna": {"title": "LinuxOSsk Shakal-NG views.py redirect", "credits": [{"lang": "en", "type": "reporter", "value": "zihe (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "LinuxOSsk", "product": "Shakal-NG", "versions": [{"status": "affected", "version": "1.3.0"}, {"status": "affected", "version": "1.3.1"}, {"status": "affected", "version": "1.3.2"}, {"status": "affected", "version": "1.3.3"}]}], "timeline": [{"lang": "en", "time": "2024-09-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-09-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-09-04T10:48:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.276492", "name": "VDB-276492 | LinuxOSsk Shakal-NG views.py redirect", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.276492", "name": "VDB-276492 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.400792", "name": "Submit #400792 | LinuxOSsk Shakal-NG 1.3.3 Open Redirect", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202", "tags": ["issue-tracking"]}, {"url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202#issuecomment-2325187434", "tags": ["issue-tracking"]}, {"url": "https://github.com/LinuxOSsk/Shakal-NG/commit/ebd1c2cba59cbac198bf2fd5a10565994d4f02cb", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in LinuxOSsk Shakal-NG bis 1.3.3 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei comments/views.py. Durch das Manipulieren des Arguments next mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als ebd1c2cba59cbac198bf2fd5a10565994d4f02cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 Open Redirect"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-04T15:31:04.200Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8412", "state": "PUBLISHED", "dateUpdated": "2024-09-04T15:43:55.055Z", "dateReserved": "2024-09-04T08:43:35.617Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-09-04T15:31:04.200Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxos:shakal-ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6248D95-9207-49D3-BD21-0A8003C1F0BF", "versionEndIncluding": "1.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en LinuxOSsk Shakal-NG hasta la versi\u00f3n 1.3.3. Se ve afectada una funci\u00f3n desconocida del archivo comments/views.py. La manipulaci\u00f3n del argumento next provoca una redirecci\u00f3n abierta. Es posible lanzar el ataque de forma remota. El nombre del parche es ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2024-8412", "lastModified": "2024-09-12T16:47:19.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-09-04T16:15:09.393", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/LinuxOSsk/Shakal-NG/commit/ebd1c2cba59cbac198bf2fd5a10565994d4f02cb"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/LinuxOSsk/Shakal-NG/issues/202#issuecomment-2325187434"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.276492"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.276492"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?submit.400792"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}