CVE-2024-54792

{"id": "CVE-2024-54792", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-01-21T18:15:14.277", "references": [{"url": "https://github.com/MarioTesoro/CVE-2024-54792", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editing or deleting users."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad Cross-Site Request Forgery (CSRF) en SpagoBI v3.5.1 en el panel de administraci\u00f3n de usuarios. Un usuario autenticado puede hacer que otro usuario ejecute acciones no deseadas dentro de la aplicaci\u00f3n en la que ha iniciado sesi\u00f3n, como agregar, editar o eliminar usuarios."}], "lastModified": "2025-07-03T00:52:51.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eng:spagobi:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D8B3A60-A838-4681-9E56-C8CB4D776004"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}