CVE-2024-51382

Source
https://cve.org/CVERecord?id=CVE-2024-51382
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51382.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-51382
Published
2024-11-05T00:00:00Z
Modified
2026-07-15T01:49:08.590642614Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/51xxx/CVE-2024-51382.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/jatos/jatos

Affected ranges

Type
GIT
Repo
https://github.com/jatos/jatos
Events
Database specific
{
    "cpe": "cpe:2.3:a:jatos:jatos:3.9.3:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.9.3"
        },
        {
            "last_affected": "3.9.3"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

3.*
3.9.3
v3.*
v3.9.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51382.json"