CVE-2024-10141
CVE-2024-10141 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. EPSS estimates a 0.80% chance of exploitation in the next 30 days.
Description
A vulnerability classified as problematic was found in jsbroks COCO Annotator 0.11.1. It affects an unknown part of the Session Handler component. Manipulation of the argument SECRET_KEY leads to a "predictable from observable state" weakness. The attack can be initiated remotely. The attack complexity is rather high, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| jsbroks | COCO Annotator | 0.11.1 |
References
- https://github.com/jsbroks/coco-annotator/issues/626 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/jsbroks/coco-annotator/issues/626#issue-2582440109 (Exploit, Third Party Advisory)
- https://vuldb.com/?ctiid.280929 (Permissions Required, Third Party Advisory, VDB Entry)
- https://vuldb.com/?id.280929 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.422713 (Third Party Advisory, VDB Entry)
Timeline
- Status: Analyzed
Source: NVD / NIST
