CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-54792: A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead...

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editing or deleting users.

Classification

CVE ID: CVE-2024-54792

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.7% (scored less or equal to compared to others)

EPSS Date: 2025-02-19 (when was this score calculated)

References

https://github.com/MarioTesoro/CVE-2024-54792

Timeline

2025-01-22 00:30:27 UTC
CVE

A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead...