How severe is CVE-2024-6586?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-6586?

This is classified as CWE-201, which is a common weakness in software security.

CVE-2024-6586 - HIGH Severity | CVSS 7.3

Vulnerability Description

Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting user’s session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.

Related Vulnerabilities

CVE-2023-6916

HIGH

CVSS:7.2(High)

Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.

CWE-2012023

CVE-2016-10518

HIGH

CVSS:7.5(High)

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a po...

CWE-2012016

CVE-2016-10519

HIGH

CVSS:7.5(High)

A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.

CWE-2012016

CVE-2020-5364

HIGH

CVSS:7.5(High)

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-...

CWE-2012020

CVE-2020-8975

HIGH

CVSS:7.5(High)

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access ...

CWE-2012020

CVE-2023-3413

HIGH

CVSS:7.5(High)

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was pos...

CWE-2012023