CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-27632: An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
8.8
CVSS
Description
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
Classification
CVE ID: CVE-2024-27632
CVSS Base Severity: HIGH
CVSS Base Score: 8.8
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 1.59% (probability of being exploited)
EPSS Percentile: 80.63% (scored less or equal to compared to others)
EPSS Date: 2025-04-24 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-27632https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3
https://github.com/ally-petitt/CVE-2024-27632