CVE-2024-8183

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-346
View all →

Vulnerability Description

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.

Related Vulnerabilities

CVE-2024-2377

HIGH
CVSS:7.6(High)

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensiti...

CWE-3462024

CVE-2001-1452

HIGH
CVSS:7.5(High)

By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS res...

CWE-3462001

CVE-2005-0877

HIGH
CVSS:7.5(High)

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

CWE-3462005

CVE-2014-1487

HIGH
CVSS:7.5(High)

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy...

CWE-3462014

CVE-2016-5168

HIGH
CVSS:7.5(High)

Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.

CWE-3462016

CVE-2016-9902

HIGH
CVSS:7.5(High)

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inj...

CWE-3462016