How severe is CVE-2024-38353?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-38353?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2024-38353 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images and the likelihood of this issue being exploited is increased. This vulnerability is fixed in 2.5.4.

Related Vulnerabilities

CVE-2012-6124

MEDIUM

CVSS:5.3(Medium)

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and ...

CWE-3382012

CVE-2019-7855

MEDIUM

CVSS:5.3(Medium)

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generat...

CWE-3382019

CVE-2019-8113

MEDIUM

CVSS:5.3(Medium)

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.

CWE-3382019

CVE-2021-23126

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.

CWE-3382021

CVE-2021-29245

MEDIUM

CVSS:5.3(Medium)

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.

CWE-3382021

CVE-2023-50059

MEDIUM

CVSS:5.3(Medium)

An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce (random number)

CWE-3382023