How severe is CVE-2024-39899?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-39899?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2024-39899 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4.

Related Vulnerabilities

CVE-2020-10123

MEDIUM

CVSS:5.3(Medium)

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with phys...

CWE-3052020

CVE-2020-15077

MEDIUM

CVSS:5.3(Medium)

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be use...

CWE-3052020

CVE-2023-46611

MEDIUM

CVSS:5.3(Medium)

Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.

CWE-3052023

CVE-2024-42513

MEDIUM

CVSS:5.3(Medium)

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.

CWE-3052024

CVE-2024-5956

MEDIUM

CVSS:5.3(Medium)

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly

CWE-3052024

CVE-2024-9683

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall secur...

CWE-3052024