Home > Vulnerability Database > CVE-2024-41811

Mend.io Vulnerability Database

CVE-2024-41811

Date: August 5, 2024

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once "icinga-php-library" is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the "icinga-php-library" v0.14.1 release.

Language: PHP

Severity Score

3.9

Related Resources (6)

Url: https://github.com/Icinga/ipl-web

Url: https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j

Url: https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41811

Url: https://security-tracker.debian.org/tracker/CVE-2024-41811

Url: https://www.mend.io/vulnerability-database/CVE-2024-41811

Severity Score

3.9

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	3.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41811

Date: August 5, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?