CVE-2024-28215

high

Description

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

References

https://cve.naver.com/detail/cve-2024-28215.html

Details

Source: Mitre, NVD

Published: 2024-03-07

Updated: 2025-05-07

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00202

Detections

Analytics