How severe is CVE-2024-11045?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2024-11045?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-11045 - CRITICAL Severity | CVSS 9.6

Vulnerability Description

A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service (DoS).

Related Vulnerabilities

CVE-2016-5556

CRITICAL

CVSS:9.6(Critical)

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

CWE-2842016

CVE-2016-5568

CRITICAL

CVSS:9.6(Critical)

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

CWE-2842016

CVE-2016-5580

CRITICAL

CVSS:9.6(Critical)

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through W...

CWE-2842016

CVE-2016-5582

CRITICAL

CVSS:9.6(Critical)

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspo...

CWE-2842016

CVE-2022-26346

CRITICAL

CVSS:9.6(Critical)

A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker ...

CWE-2842022

CVE-2022-27178

CRITICAL

CVSS:9.6(Critical)

A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attac...

CWE-2842022