CVE-2024-51382

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-51382

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51382.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-51382

Published

2024-11-05T19:15:07Z

Modified

2025-06-27T10:56:48.222086Z

Summary

[none]

Details

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system.

References

https://hacking-notes.medium.com/cve-2024-51382-jatos-v3-9-3-csrf-admin-password-reset-1adeff0386ed

Affected packages

Git / github.com/jatos/jatos

Affected ranges

Type: GIT
Repo: https://github.com/jatos/jatos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

694d15402ee5e3853f05f48ffe38bb612e7a1804

Affected versions

g3.*

g3.5.4

j3.*

j3.3.5

n3.*

n3.3.5

v1.*

v1.0alpha

v1.1.1-alpha

v1.1.10-beta

v1.1.11-beta

v1.1.2-alpha

v1.1.3-beta

v1.1.4-beta

v1.1.5-beta

v1.1.6-beta

v1.1.7-beta

v1.1.8-beta

v1.1.9-beta

v1.1alpha

v2.*

v2.1.1-alpha

v2.1.10-beta

v2.1.11-beta

v2.1.12-beta

v2.1.2-alpha

v2.1.3-alpha

v2.1.4-alpha

v2.1.5-beta

v2.1.6-beta

v2.1.7-beta

v2.1.8-beta

v2.1.9-beta

v2.2.1-beta

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v3.*

v3.1.1-beta

v3.1.10

v3.1.11

v3.1.12

v3.1.2-beta

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2.1

v3.2.2

v3.2.3

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.4.1

v3.4.2

v3.5.1

v3.5.10

v3.5.11

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.6-alpha

v3.5.7

v3.5.8

v3.5.9

v3.5.9-beta

v3.6.1

v3.7.1

v3.7.1-alpha

v3.7.2

v3.7.3

v3.7.3-alpha

v3.7.4

v3.7.4-alpha

v3.7.5

v3.7.5-alpha

v3.7.6

v3.8.1

v3.8.1-alpha

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.5-alpha

v3.8.6

v3.9.1

v3.9.1-alpha

v3.9.2

v3.9.3