How severe is CVE-2024-56170?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-56170?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2024-56170

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-346

View all →

Vulnerability Description

A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation.

CVE-2017-18016

MEDIUM

CVSS:5.3(Medium)

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the cu...

CWE-3462017

CVE-2018-5109

MEDIUM

CVSS:5.3(Medium)

An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, lead...

CWE-3462018

CVE-2019-9797

MEDIUM

CVSS:5.3(Medium)

Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canv...

CWE-3462019

CVE-2019-9808

MEDIUM

CVSS:5.3(Medium)

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the ...

CWE-3462019

CVE-2019-9817

MEDIUM

CVSS:5.3(Medium)

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerabil...

CWE-3462019

CVE-2022-23032

MEDIUM

CVSS:5.3(Medium)

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebind...

CWE-3462022

CVE-2024-56170

Vulnerability Description

Related Vulnerabilities

CVE-2017-18016

CVE-2018-5109

CVE-2019-9797

CVE-2019-9808

CVE-2019-9817

CVE-2022-23032