CVE-2024-23737

2024-07-0122:15:02

[email protected]

web.nvd.nist.gov

cve-2024-23737

cross site request forgery

savignano s/notify

jira

s/mime certificate

pgp key

malicious link

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user’s S/MIME certificate of PGP key via malicious link or email.

References

help.savignano.net/snotify-email-encryption/sa-2023-11-28#SA-2023-11-28-CSRFbasedvulnerabilityinuserupload