216.73.217.64

CVE-2024-56310

· Published 22/12/2024 21:15 · Modified 14/01/2025 17:15

Labels: CVE-2024-56310 2024-12-22CVE-2024-56310CWE-352[email protected]

Essential information

Published
22/12/2024 21:15
Modified
14/01/2025 17:15
Author
Creator
CISA KEV
No
CWE

Description

REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References