CVE-2024-51381
- Source
- https://cve.org/CVERecord?id=CVE-2024-51381
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51381.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-51381
- Published
- 2024-11-05T19:15:07.550Z
- Modified
- 2026-04-10T05:14:49.334955Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control.
- References
Affected packages
Git / github.com/jatos/jatos
Affected versions
g3.*
g3.5.4
v1.*
v1.0alpha
v1.1.1-alpha
v1.1.10-beta
v1.1.11-beta
v1.1.2-alpha
v1.1.3-beta
v1.1.4-beta
v1.1.5-beta
v1.1.6-beta
v1.1.7-beta
v1.1.8-beta
v1.1.9-beta
v1.1alpha
v2.*
v2.1.1-alpha
v2.1.10-beta
v2.1.11-beta
v2.1.12-beta
v2.1.2-alpha
v2.1.3-alpha
v2.1.4-alpha
v2.1.5-beta
v2.1.6-beta
v2.1.7-beta
v2.1.8-beta
v2.1.9-beta
v2.2.1-beta
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v3.*
v3.1.1-beta
v3.1.10
v3.1.11
v3.1.12
v3.1.2-beta
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.1
v3.2.2
v3.2.3
v3.3.1
v3.3.2
v3.3.3
v3.4.1
v3.4.2
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6-alpha
v3.7.1
v3.7.1-alpha
v3.7.2
v3.7.3
v3.7.4
v3.7.4-alpha
v3.7.5
v3.8.1
v3.8.1-alpha
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.8.5-alpha
v3.9.1
v3.9.1-alpha
v3.9.2
v3.9.3