Lucene search
HistoryJan 08, 2024 - 2:15 p.m.
CVE-2024-21644
pyload
download manager
python
nvd
cve-2024-21644
security vulnerability
patch
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.118 Low
EPSS
Percentile
95.3%
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77.
Affected configurations
Node
pyloadpyloadRange<0.5.0b3.dev77
CNA Affected
[
{
"vendor": "pyload",
"product": "pyload",
"versions": [
{
"version": "< 0.5.0b3.dev77",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2024-21644 pyLoad unauthenticated flask configuration leakage
2024-01-08 13:20:55
osv
osv
CVE-2024-21644
2024-01-08 14:15:47
pyload Unauthenticated Flask Configuration Leakage vulnerability
2024-01-08 15:40:39
veracode
veracode
Information Disclosure
2024-01-09 06:36:14
github
github
pyload Unauthenticated Flask Configuration Leakage vulnerability
2024-01-08 15:40:39
nuclei
nuclei
pyLoad Flask Config - Access Control
2024-01-29 16:33:24
githubexploit
githubexploit
Exploit for Improper Access Control in Pyload
2024-03-30 01:00:31
prion
prion
Design/Logic Flaw
2024-01-08 14:15:00
nvd
nvd
CVE-2024-21644
2024-01-08 14:15:47
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.118 Low
EPSS
Percentile
95.3%
Related for CVE-2024-21644