How severe is CVE-2024-0551?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2024-0551?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-0551 - HIGH Severity | CVSS 7.1

Vulnerability Description

Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system. The endpoint for exporting should simply be patched to a higher privilege level.

Related Vulnerabilities

CVE-2014-2277

HIGH

CVSS:7.1(High)

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpna...

CWE-2842014

CVE-2016-2150

HIGH

CVSS:7.1(High)

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

CWE-2842016

CVE-2016-3708

HIGH

CVSS:7.1(High)

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to...

CWE-2842016

CVE-2016-3713

HIGH

CVSS:7.1(High)

The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequent...

CWE-2842016

CVE-2016-5173

HIGH

CVSS:7.1(High)

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigg...

CWE-2842016

CVE-2016-5492

HIGH

CVSS:7.1(High)

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors relate...

CWE-2842016