How severe is CVE-2024-4839?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2024-4839?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-4839 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent.

Related Vulnerabilities

CVE-2024-39326

MEDIUM

CVSS:4.4(Medium)

SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site reques...

CWE-3522024

CVE-2024-4403

MEDIUM

CVSS:4.4(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintende...

CWE-3522024

CVE-2024-6673

MEDIUM

CVSS:4.4(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The end...

CWE-3522024

CVE-2017-8382

MEDIUM

CVSS:4.5(Medium)

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

CWE-3522017

CVE-2020-20586

MEDIUM

CVSS:4.5(Medium)

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and pass...

CWE-3522020

CVE-2020-36191

MEDIUM

CVSS:4.5(Medium)

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

CWE-3522020