How severe is CVE-2024-28251?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2024-28251?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2024-28251 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2025-2346

MEDIUM

CVSS:5.6(Medium)

A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulat...

CWE-3452025

CVE-2019-10157

MEDIUM

CVSS:5.5(Medium)

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use thi...

CWE-3452019

CVE-2020-14122

MEDIUM

CVSS:5.5(Medium)

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.

CWE-3452020

CVE-2020-23906

MEDIUM

CVSS:5.5(Medium)

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.

CWE-3452020

CVE-2020-9885

MEDIUM

CVSS:5.5(Medium)

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchO...

CWE-3452020

CVE-2021-22419

MEDIUM

CVSS:5.5(Medium)

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos.

CWE-3452021