Jan 08, 2024 - 1:20 p.m.

CVE-2024-21644 pyLoad unauthenticated flask configuration leakage

2024-01-08 13:20:55
CWE-284
GitHub_M
www.cve.org

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.118 Low
Percentile: 95.3%

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77.

CNA Affected

[
  {
    "vendor": "pyload",
    "product": "pyload",
    "versions": [
      {
        "version": "< 0.5.0b3.dev77",
        "status": "affected"
      }
    ]
  }
]
