Home > Vulnerability Database > CVE-2024-28216

Mend.io Vulnerability Database

CVE-2024-28216

Date: March 6, 2024

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

Language: Java

Severity Score

5.4

Related Resources (3)

Url: https://cve.naver.com/detail/cve-2024-28216.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-28216

Url: https://www.mend.io/vulnerability-database/CVE-2024-28216

Severity Score

5.4

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-28216

Date: March 6, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?