How severe is CVE-2024-30250?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-30250?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2024-30250 - HIGH Severity | CVSS 7.5

Vulnerability Description

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid `integrity` attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believe that the injected resource is legit. This vulnerability is patched in version 1.3.2.

Related Vulnerabilities

CVE-2015-5236

HIGH

CVSS:7.5(High)

It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not ha...

CWE-3452015

CVE-2015-7539

HIGH

CVSS:7.5(High)

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to e...

CWE-3452015

CVE-2016-1493

HIGH

CVSS:7.5(High)

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

CWE-3452016

CVE-2016-3983

HIGH

CVSS:7.5(High)

McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.

CWE-3452016

CVE-2016-9450

HIGH

CVSS:7.5(High)

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

CWE-3452016

CVE-2017-10624

HIGH

CVSS:7.5(High)

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affecte...

CWE-3452017