Strix
26.1K

CVE-2024-56310

HIGHCVSS 8.8/10EPSS 0.24%

Last modified

CVE-2024-56310 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability
0.24%

15.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
VanderbiltRedcap<= 14.9.6

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-56310?
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.
How severe is CVE-2024-56310?
CVE-2024-56310 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2024-56310?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-56310?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST